Submission Details
Severity: high
Valid

`LibChainlinkOracle.getTokenPrice()` gets a token price incorrectly

Github link

https://github.com/Cyfrin/2024-05-beanstalk-the-finale/blob/9c7b9fd521ad7cbe65cc788df181887c0eb39c6d/protocol/contracts/libraries/Oracle/LibChainlinkOracle.sol#L45

Summary

getTokenPrice() will return an incorrect price because its lookback check is inverted.

Vulnerability Details

getTokenPrice() computes a token price, optionally as a time-weighted average (TWAP) over a lookback window.

function getTokenPrice(
    address priceAggregatorAddress,
    uint256 maxTimeout,
    uint256 lookback
) internal view returns (uint256 price) {
    return
        lookback > 0
            ? getPrice(priceAggregatorAddress, maxTimeout)            // positive lookback -> raw spot price (inverted)
            : getTwap(priceAggregatorAddress, maxTimeout, lookback);  // zero lookback -> TWAP (inverted)
}

But the branches are swapped: it returns the raw spot price for a positive lookback and calls getTwap() for a lookback of 0. So it returns a wrong price for every lookback value.
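As an added illustration, not code from the Beanstalk repository: a Python model of the dispatch logic run over a constructed Chainlink round history, showing that with a one-hour lookback the original condition returns the latest (spot) answer while the corrected condition returns the TWAP. The TWAP arithmetic and the staleness check are assumptions about what getTwap()/getPrice() do, not the library's implementation.

```python
from dataclasses import dataclass
from typing import List

@dataclass
class Round:
    """One Chainlink round (constructed sample data): answer scaled by 1e8, plus updatedAt."""
    answer: int
    updated_at: int

def get_price(rounds: List[Round], max_timeout: int, now: int) -> int:
    """Spot price: latest answer, rejected when older than max_timeout (assumed staleness check)."""
    latest = rounds[-1]
    if now - latest.updated_at > max_timeout:
        raise ValueError("stale price")
    return latest.answer

def get_twap(rounds: List[Round], max_timeout: int, lookback: int, now: int) -> int:
    """Time-weighted average over the last `lookback` seconds, walking rounds newest to oldest
    (an assumed model of getTwap, not the library's code)."""
    if lookback == 0:
        raise ValueError("zero lookback window")
    if now - rounds[-1].updated_at > max_timeout:
        raise ValueError("stale price")
    cutoff, end_time, weighted = now - lookback, now, 0
    for r in reversed(rounds):
        start = max(r.updated_at, cutoff)
        weighted += r.answer * (end_time - start)  # this round was in force from `start` to `end_time`
        end_time = start
        if r.updated_at <= cutoff:
            break
    return weighted // (now - end_time)

def get_token_price_buggy(rounds, max_timeout, lookback, now) -> int:
    """Original condition: `lookback > 0 ? getPrice : getTwap` (branches swapped)."""
    if lookback > 0:
        return get_price(rounds, max_timeout, now)
    return get_twap(rounds, max_timeout, lookback, now)

def get_token_price_fixed(rounds, max_timeout, lookback, now) -> int:
    """Corrected condition: `lookback == 0 ? getPrice : getTwap`."""
    if lookback == 0:
        return get_price(rounds, max_timeout, now)
    return get_twap(rounds, max_timeout, lookback, now)

# Constructed history: steady at 3000 for an hour, then the latest round jumps to 3300.
NOW = 10_000
SAMPLE_ROUNDS = [Round(3000 * 10**8, 5_000), Round(3000 * 10**8, 7_000), Round(3300 * 10**8, 9_400)]

if __name__ == "__main__":  # buggy returns the spiked spot answer, fixed returns the smoothed TWAP
    print(get_token_price_buggy(SAMPLE_ROUNDS, 3600, 3600, NOW), get_token_price_fixed(SAMPLE_ROUNDS, 3600, 3600, NOW))
```

With the sample history the buggy dispatch reports 3300 for a one-hour lookback, the fixed one 3050, and for lookback 0 the buggy path reaches getTwap() with an empty window instead of the spot price.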

Impact

The protocol will use an incorrect token price whenever it prices a token through a Chainlink price feed.

Tools Used

Manual Review

Recommendations

The condition should be inverted:

function getTokenPrice(
address priceAggregatorAddress,
uint256 maxTimeout,
uint256 lookback
) internal view returns (uint256 price) {
return
- lookback > 0
+ lookback == 0
? getPrice(priceAggregatorAddress, maxTimeout)
: getTwap(priceAggregatorAddress, maxTimeout, lookback);
}
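Review bot: the condition fix itself is right, but the hunk carries no regression test, so the swap could silently return. Add a test that points getTokenPrice at a mock aggregator whose latest answer differs from its earlier rounds and asserts that a nonzero lookback returns the getTwap(priceAggregatorAddress, maxTimeout, lookback) value rather than getPrice(priceAggregatorAddress, maxTimeout), plus the lookback == 0 case asserting equality with getPrice. A NatSpec line stating that lookback == 0 selects the spot price would also make the intent of the ternary visible.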

Updates

Lead Judging Commences

inallhonesty Lead Judge 11 months ago
Submission Judgement Published
Validated
Assigned finding tags:

getTokenPrice never gives TWAP
