The contract KeeperProxy has a vulnerability in the _validatePrice function where it incorrectly validates the price of the longToken using the indexTokenPrice instead of the longTokenPrice.
In the _validatePrice function, the contract performs price validation for various tokens. However, it incorrectly uses the indexTokenPrice for validating the longToken:
This is incorrect because the longToken should be validated using its own price, longTokenPrice, rather than the indexTokenPrice. Although the longToken and indexToken are currently the same, this might not be the case in the future, which would lead to incorrect price validation.
If the longToken and indexToken become different in the future, the contract will validate the longToken using the wrong price. This can lead to incorrect execution of keeper functions, potentially causing financial losses or incorrect operations within the PerpetualVault.
Manual Review
Update the _validatePrice function to use the correct price for the longToken:
This ensures that the longToken is validated using its own price, preventing potential issues if the longToken and indexToken become different in the future.
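A minimal sketch of the mismatch and the recommended correction, added here as an illustration and not taken from the KeeperProxy source. The contract name, _check, feedPrice, the 1% tolerance and the flat Prices struct are assumptions; only the indexTokenPrice and longTokenPrice field names come from the finding.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration: every name here is hypothetical except the
// indexTokenPrice / longTokenPrice fields, which the finding names.
contract PriceValidationSketch {
    struct Prices {
        uint256 indexTokenPrice;
        uint256 longTokenPrice;
    }

    uint256 public constant MAX_DEVIATION_BPS = 100; // assumed 1% tolerance
    mapping(address => uint256) public feedPrice;    // stand-in for an oracle feed

    error PriceOutOfRange(address token, uint256 supplied, uint256 expected);

    // Test helper only: seeds the stand-in feed, no access control.
    function setFeedPrice(address token, uint256 price) external {
        feedPrice[token] = price;
    }

    // Reverts when `supplied` deviates from the token's feed price
    // by more than MAX_DEVIATION_BPS, or when no feed price is set.
    function _check(address token, uint256 supplied) internal view {
        uint256 expected = feedPrice[token];
        uint256 diff = supplied > expected ? supplied - expected : expected - supplied;
        if (expected == 0 || diff * 10_000 > expected * MAX_DEVIATION_BPS) {
            revert PriceOutOfRange(token, supplied, expected);
        }
    }

    // Pattern described in the finding: longToken is checked against
    // indexTokenPrice, so p.longTokenPrice is never validated.
    function validateAsReported(address indexToken, address longToken, Prices calldata p) external view {
        _check(indexToken, p.indexTokenPrice);
        _check(longToken, p.indexTokenPrice);
    }

    // Recommended form: each token is checked against its own price.
    function validateFixed(address indexToken, address longToken, Prices calldata p) external view {
        _check(indexToken, p.indexTokenPrice);
        _check(longToken, p.longTokenPrice);
    }
}
```

With indexToken == longToken, validateAsReported accepts any longTokenPrice as long as indexTokenPrice is in range, while validateFixed reverts on an out-of-range longTokenPrice. With distinct tokens, validateAsReported compares the long token's feed against the index price and still leaves longTokenPrice unchecked.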
Likelihood: None/Very Low, every time the keeper sends a price via run/runNextAction (sent by the Gamma keeper). Impact: Medium/High, does not check the longTokenPrice, it could go out of range. Keep in mind indexToken == longToken, an error from the keeper could be considered informational.