QuantAMM
QuantAMM
49,600 OP
View results
Previous Next
Submission Details
Severity: medium
Invalid

MultiHopOracle does not return latest timestamp

octeezy

Summary

MultiHopOracle::_getData loops through the configured oracles and has a condition to get the latest timestamp, the issue is that the condition does the opposite and gets the earliest timestamp.

Vulnerability Details

The _getData function ends up returning the earliest of the oracle timestamps instead of the latest.

function testPoCTimestamp() public {
vm.warp(1736372382);
int216 fixedValue1 = 1000;
int216 fixedValue2 = 0.001e18;
uint delay1 = 3600;
uint delay2 = 3650;
bool[] memory invert = new bool[]();
invert[0] = false;
invert[1] = false;
multiHopOracle = deployOracles(fixedValue1, fixedValue2, delay1, delay2, invert);
console.log("First timestamp: " , block.timestamp - delay1);
console.log("Second timestamp: " , block.timestamp - delay2);
(int216 data, uint40 timestampFinal) = multiHopOracle.getData();
uint40 nowTimestamp = uint40(block.timestamp);
console.log("Timestamp returned: ", timestampFinal);
assertEq(timestampFinal, nowTimestamp - delay2);
assertEq(data, 1); // 1000 * 0.001 = 1
}

As we can see from the logs:

Logs:
First timestamp: 1736368782
Second timestamp: 1736368732
Timestamp returned: 1736368732

The first timestamp is actually the latest timestamp out of the two, instead it's returning the earliest.

Impact

Incorrect timestamp is being returned

Tools Used

Manual review + foundry tests

Recommendations

Change the condition in MultiHopOracle::_getData#L40

- if (oracleTimestamp < timestamp) {
+ if (oracleTimestamp > timestamp) {
Updates

Lead Judging Commences

n0kto Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!