Part 2

Summary

checkLog function in UsdTokenSwapKeeper contract uses block.timestamp (current time) instead of log.timestamp (event emission time) to query historical price data, leading to incorrect swap executions that violate user expectations and protocol integrity.

Vulnerability Details

When a user submits a swap request via MarketMakingEngine, an event is emitted with a specific timestamp (stored in log.timestamp). Chainlink Automation Network detects this event and calls checkLog on UsdTokenSwapKeeper.The checkLog function is designed to fetch the price at the time of the event using Chainlink Data Streams. However, the code incorrectly uses block.timestamp (the current block time) to query the price feed:
UsdTokenSwapKeeper.sol#L117

The log.timestamp is the time when the log was emitted, which corresponds to the block time when the event happened. On the other hand, block.timestamp is the current block's timestamp when the checkLog function is executed. These might not be the same if there's a delay between the event emission and the checkLog call.

In the context of fulfilling a swap request, the price data needed is the one at the time the request was made (log.timestamp), not the current time. If block.timestamp is used, the price might have changed, leading to incorrect fulfillment. This could cause issues like using outdated or incorrect prices, affecting the swap's execution.

Chainlink's documentation example itself use log.timestamp for the Streams lookup in checkLog:

Impact

Using an incorrect timestamp could result in fetching price data from a different time than when the swap was actually requested, potentially leading to unfair pricing.

Tools Used

Manual Review

Recommendations

The correct approach should be to use log.timestamp to ensure the data corresponds to the event's time: