QuantAMM

49,600 OP
Submission Details
Severity: low
Invalid

Stale Oracle Data Accepted If No Backup Oracles Exist

Code Snippets

https://github.com/Cyfrin/2024-12-quantamm/blob/main/pkg/pool-quantamm/contracts/UpdateWeightRunner.sol#L356

Summary

The _getData function in UpdateWeightRunner uses a primary oracle's value even when that value fails the staleness check, as long as no backup oracles are configured for the asset. Weight updates can therefore be computed from outdated prices.

Vulnerability Details

In _getData, each primary oracle result is compared against oracleStalenessThreshold. If the primary is stale, the function looks for a fresh value among the asset's backup oracles; when no backups are configured, the backup loop has nothing to iterate over, and the function neither selects another source nor reverts. The stale primary value is therefore used despite failing the freshness check.

Reference: _getData function

function _getData(address _pool, bool internalCall) private view returns (int256[] memory outputData) {
    ...
--> for (uint i; i < oracleLength; ) { // Audit: no backup oracles
        // Asset is base asset
        OracleData memory oracleResult;
        oracleResult = _getOracleData(OracleWrapper(optimisedOracles[i]));
        if (oracleResult.timestamp > block.timestamp - oracleStalenessThreshold) {
            outputData[i] = oracleResult.data;
        } else {
            ... // backup oracle loop; nothing to iterate over when no backups are configured
        }
        unchecked {
            ++i;
        }
    }
}

Impact

Stale prices flow directly into the weight update, so a pool can rebalance toward weights that no longer match the market. The result is incorrect weight updates, economic inefficiency for liquidity providers, and exposure to trades placed against the mispriced weights.

Tools Used

Manual Review

Recommendations

Make _getData revert when neither the primary oracle nor any backup returns data within oracleStalenessThreshold, rather than silently keeping the stale primary value, and encourage pool deployers to configure backup oracles so that a fresh value is normally available.
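To make the behaviour described in Vulnerability Details and the check asked for in Recommendations concrete, here is an added Python model of the selection logic. It is not QuantAMM code: the function names, the NoFreshOracleData error and the sample timestamps are assumptions made for illustration; only the freshness comparison (timestamp strictly greater than now minus the threshold) mirrors the Solidity snippet above.

```python
"""Model of the primary/backup oracle selection in _getData (illustrative, not contract code)."""
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class OracleData:
    data: int        # price reported by the oracle
    timestamp: int   # block timestamp at which it was reported


class NoFreshOracleData(Exception):
    """Raised by the hardened variant when no source passes the staleness check."""


def is_fresh(result: OracleData, now: int, threshold: int) -> bool:
    # Mirrors `oracleResult.timestamp > block.timestamp - oracleStalenessThreshold`.
    return result.timestamp > now - threshold


def select_fresh(primary: OracleData, backups: List[OracleData],
                 now: int, threshold: int) -> Optional[OracleData]:
    """Return the primary if fresh, else the first fresh backup, else None."""
    if is_fresh(primary, now, threshold):
        return primary
    for backup in backups:          # empty list => loop body never runs
        if is_fresh(backup, now, threshold):
            return backup
    return None


def get_data_lenient(primaries: List[OracleData], backups: List[List[OracleData]],
                     now: int, threshold: int) -> List[int]:
    """Behaviour described in the report: with no fresh source the stale primary is kept."""
    out = []
    for i, primary in enumerate(primaries):
        chosen = select_fresh(primary, backups[i], now, threshold)
        out.append((chosen or primary).data)   # falls back to stale primary, no revert
    return out


def get_data_strict(primaries: List[OracleData], backups: List[List[OracleData]],
                    now: int, threshold: int) -> List[int]:
    """Hardened variant: revert (raise) when no source is within the threshold."""
    out = []
    for i, primary in enumerate(primaries):
        chosen = select_fresh(primary, backups[i], now, threshold)
        if chosen is None:
            raise NoFreshOracleData(
                f"asset {i}: newest timestamp {primary.timestamp} older than {now - threshold}")
        out.append(chosen.data)
    return out


# Constructed sample: block time 1000, staleness threshold 300 seconds.
NOW = 1_000
THRESHOLD = 300
SAMPLE_PRIMARIES = [
    OracleData(data=100, timestamp=900),   # asset 0: fresh primary
    OracleData(data=200, timestamp=500),   # asset 1: stale primary, no backups
    OracleData(data=300, timestamp=600),   # asset 2: stale primary, fresh backup
]
SAMPLE_BACKUPS: List[List[OracleData]] = [
    [],
    [],
    [OracleData(data=310, timestamp=950)],
]


def run_example():
    """Return (lenient_output, strict_error_message) for the sample scenario."""
    lenient = get_data_lenient(SAMPLE_PRIMARIES, SAMPLE_BACKUPS, NOW, THRESHOLD)
    try:
        get_data_strict(SAMPLE_PRIMARIES, SAMPLE_BACKUPS, NOW, THRESHOLD)
        strict_error = None
    except NoFreshOracleData as exc:
        strict_error = str(exc)
    return lenient, strict_error


if __name__ == "__main__":
    lenient, strict_error = run_example()
    print("lenient:", lenient)          # asset 1 silently keeps the 500-second-old price 200
    print("strict :", strict_error)     # asset 1 rejected instead
```

Asset 1 is the case from the report: its only source is 500 seconds old, so the lenient model returns price 200 as if it were current, while the strict model refuses to produce a weight update at all. Asset 2 shows the path that works as intended, where a fresh backup replaces the stale primary.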

Updates

Lead Judging Commences

n0kto Lead Judge 6 months ago
Submission Judgement Published
Invalidated
Reason: Design choice
Assigned finding tags:

invalid_stale_price_when_no_backup_oracles_set

Cyfrin audit: 7.2.4 Stale Oracle prices accepted when no backup oracles available
