DeFiFoundry
50,000 USDC
Submission Details
Severity: low
Valid

Incorrect price validation in KeeperProxy contract

Title

Incorrect price validation in KeeperProxy contract

Summary

The _validatePrice function in the KeeperProxy contract has a mistake in how it checks prices for longToken. Instead of using the correct longTokenPrice values, it incorrectly uses indexTokenPrice ranges. This could allow transactions to go through with invalid prices, posing a financial risk.

Vulnerability Details

The issue is in the _validatePrice function where the longToken price validation uses the wrong price range.

_check(marketData.longToken, prices.indexTokenPrice.min);
_check(marketData.longToken, prices.indexTokenPrice.max);

This code incorrectly uses prices.indexTokenPrice for longToken validation instead of prices.longTokenPrice.

Impact

While it is understood that the indexToken is the same as the longToken, it still affects developer understanding and could cause possible problems in the future.

Tools Used

Manual Review

Recommendations

Update the _check calls for longToken to use the correct price range:

_check(marketData.longToken, prices.longTokenPrice.min);
_check(marketData.longToken, prices.longTokenPrice.max);
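
A minimal harness for the two variants above, added here as an illustration and not taken from the audited code base. The contract name, struct layout, reference-price mapping and 1% tolerance inside _check are assumptions, and the prices in demo() are constructed; it shows that a longTokenPrice range far from the reference passes the quoted calls while the recommended calls revert.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not the audited contract. The struct layout, the
// reference-price mapping and the 1% tolerance in _check are assumptions.
contract PriceValidationDemo {
    struct PriceRange { uint256 min; uint256 max; }
    struct Prices { PriceRange indexTokenPrice; PriceRange longTokenPrice; }

    uint256 private constant TOLERANCE_BPS = 100; // assumed 1% band
    mapping(address => uint256) public referencePrice; // stand-in for an oracle feed

    // Assumed behaviour: revert when `price` deviates too far from the reference.
    function _check(address token, uint256 price) internal view {
        uint256 refPrice = referencePrice[token];
        require(refPrice != 0, "no reference price");
        uint256 diff = price > refPrice ? price - refPrice : refPrice - price;
        require(diff * 10_000 <= refPrice * TOLERANCE_BPS, "price out of range");
    }

    // The calls as quoted in the report: longToken is checked against indexTokenPrice.
    function validateAsReported(address longToken, Prices memory p) public view {
        _check(longToken, p.indexTokenPrice.min);
        _check(longToken, p.indexTokenPrice.max);
    }

    // The calls as recommended: longToken is checked against longTokenPrice.
    function validateAsRecommended(address longToken, Prices memory p) public view {
        _check(longToken, p.longTokenPrice.min);
        _check(longToken, p.longTokenPrice.max);
    }

    // Constructed input: the index range sits near the reference, the long range is 10x off.
    function demo(address longToken) external returns (bool reportedOk, bool recommendedOk) {
        referencePrice[longToken] = 2000;
        Prices memory p = Prices(PriceRange(1995, 2005), PriceRange(19950, 20050));
        try this.validateAsReported(longToken, p) { reportedOk = true; } catch {}
        try this.validateAsRecommended(longToken, p) { recommendedOk = true; } catch {}
    }
}
```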

Updates

Lead Judging Commences

n0kto Lead Judge 7 months ago
Submission Judgement Published
Validated
Assigned finding tags:

finding_validatePrice_no_check_for_longTokenPrice

Likelihood: None/Very Low, every time the keeper sends a price via run/runNextAction (sent by the Gamma keeper). Impact: Medium/High, does not check the longTokenPrice, it could go out of range. Keep in mind indexToken == longToken, an error from the keeper could be considered informational.
