Zaros Part 1
Zaros
DeFiFoundry
60,000 USDC
View results
Previous Next
Submission Details
Severity: medium
Invalid

Mismatch Between NatSpec and Function Implementation (Documentation + Actual Function Parameters)

OdeWeb3

Summary

The NatSpec comments for the verifyOffchainPrice function do not match the function's actual parameters and return values. The documentation describes parameters and returns that do not exist in the function implementation.

Vulnerability Details

Description: The NatSpec comment describes the function as returning the offchain price for a given order based on the configured strategy and its direction (bid vs ask). It mentions parameters like self, priceData, and maxVerificationDelay which are not present in the actual function. Additionally, it describes return values bidX18 and askX18, which are also not present in the function.

Root Cause: The NatSpec comments were not updated when the function parameters and return values were changed.

Proof of Concept:

Here is the mismatched function and its current NatSpec documentation:

/// @notice Returns the offchain price for a given order based on the configured strategy and its direction (bid
/// vs ask).
/// @dev New settlement strategies may be added in the future, hence the if-else statement.
/// @param self The {SettlementConfiguration} storage pointer.
/// @param priceData The unverified price report data.
/// @param maxVerificationDelay The maximum delay allowed for the off chain price verification.
/// @return bidX18 The offchain bid price.
/// @return askX18 The offchain ask price.
function verifyOffchainPrice(
bytes memory signedReport
)
internal
returns (bytes memory verifiedReportData)
{
IVerifierProxy chainlinkVerifier = dataStreamsStrategy.chainlinkVerifier;
bytes memory reportData = ChainlinkUtil.getReportData(signedReport);
(FeeAsset memory fee) = ChainlinkUtil.getEthVericationFee(chainlinkVerifier, reportData);
verifiedReportData = ChainlinkUtil.verifyReport(chainlinkVerifier, fee, signedReport);
}

Impact

  • Developers and users might be misled by the incorrect documentation, leading to improper use or misunderstanding of the function.

  • The absence of accurate documentation can cause confusion and potential bugs in the integration or use of this function.

Tools Used

Manual Review

Recommendations

Update the NatSpec comments to accurately reflect the function parameters and return values. Here's the updated function with comprehensive NatSpec documentation:

/// @notice Verifies the offchain price report based on the provided signed report.
/// @dev New settlement strategies may be added in the future, hence the if-else statement.
/// @param signedReport The signed offchain price report data.
/// @return verifiedReportData The verified offchain price report data.
function verifyOffchainPrice(
bytes memory signedReport
)
internal
returns (bytes memory verifiedReportData)
{
IVerifierProxy chainlinkVerifier = dataStreamsStrategy.chainlinkVerifier;
bytes memory reportData = ChainlinkUtil.getReportData(signedReport);
(FeeAsset memory fee) = ChainlinkUtil.getEthVericationFee(chainlinkVerifier, reportData);
verifiedReportData = ChainlinkUtil.verifyReport(chainlinkVerifier, fee, signedReport);
}
Updates

Lead Judging Commences

inallhonesty Lead Judge 11 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.