Incorrect Price Validation for LongToken in _validatePrice(), KeeperProxy.sol
Summary
The _validatePrice function contains a mistake in price validation for the longToken.** **
Vulnerability Details
In the _validatePrice function, the following lines are checking the price of the longToken against the indexTokenPrice values:
However, the correct price range to check should be prices.longToken.min and prices.longToken.max, not the indexTokenPrice.
Impact
Incorrect Price Validation: The mistake can result in the system comparing the wrong price range for the longToken.
Tools Used
Manual review
Recommendations
The correct code should be:
Lead Judging Commences
finding_validatePrice_no_check_for_longTokenPrice
Likelihood: None/Very Low, everytime the keeper send a price via run/runNextAction (sent by the Gamma keeper). Impact: Medium/High, does not check the longTokenPrice, it could go out of range. Keep in mind indexToken == longToken, an error from the keeper could be considered informational.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.