DeFi, Hardhat, Foundry
250,000 USDC
Submission Details
Severity: high
Valid

The condition in the `LibChainlinkOracle::getTokenPrice()` function is wrong, resulting in the wrong function being called

Summary

The condition in the `LibChainlinkOracle::getTokenPrice()` function is wrong, resulting in the wrong function being called.

Vulnerability Details

    /**
     * @dev Returns the TOKEN/USD price with the option of using a TWA lookback.
     * Use `lookback = 0` for the instantaneous price. `lookback > 0` for a TWAP.
     * Return value has 6 decimal precision.
     * Returns 0 if `priceAggregatorAddress` is broken or frozen.
     **/
    function getTokenPrice(
        address priceAggregatorAddress,
        uint256 maxTimeout,
        uint256 lookback
    ) internal view returns (uint256 price) {
        return
    @>      lookback > 0
    @>          ? getPrice(priceAggregatorAddress, maxTimeout)
    @>          : getTwap(priceAggregatorAddress, maxTimeout, lookback);
    }
    // if lookback > 0 -> getPrice(priceAggregatorAddress, maxTimeout)
    // else -> getTwap(priceAggregatorAddress, maxTimeout, lookback)

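The ternary condition in the return statement does not work as documented: the NatSpec says `lookback = 0` selects the instantaneous price and `lookback > 0` selects a TWAP, but the code takes the opposite branch in each case, so the wrong function is executed.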

Impact

The condition in the `LibChainlinkOracle::getTokenPrice()` function is wrong, resulting in the wrong function being called: `getPrice()` runs when `lookback > 0` and `getTwap()` runs when `lookback = 0`.

Tools Used

Manual Review

Recommendations

Consider the following modification:

function getTokenPrice(
address priceAggregatorAddress,
uint256 maxTimeout,
uint256 lookback
) internal view returns (uint256 price) {
return
- lookback > 0
+ lookback == 0
? getPrice(priceAggregatorAddress, maxTimeout)
: getTwap(priceAggregatorAddress, maxTimeout, lookback);
}
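
Review bot: the corrected condition `lookback == 0` has no regression test accompanying it, and this inversion is exactly the kind of defect a two-case test catches. Add a unit test that calls `getTokenPrice` once with `lookback = 0` and once with `lookback > 0` and checks that the results equal `getPrice(priceAggregatorAddress, maxTimeout)` and `getTwap(priceAggregatorAddress, maxTimeout, lookback)` respectively. As a style point, keeping `lookback > 0` and swapping the two branches would be equivalent (since `lookback` is a `uint256`) and would read closer to the NatSpec wording "`lookback > 0` for a TWAP".
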
Updates

Lead Judging Commences

inallhonesty Lead Judge 12 months ago
Submission Judgement Published
Validated
Assigned finding tags:

getTokenPrice never gives TWAP
