The getLatestPrice function returns a timestamp that is updated globally for any token price change. This results in the function returning an incorrect timestamp when querying specific token IDs.
The contract stores only one lastUpdateTimestamp for all tokens.
Whenever any token’s price is updated, the single lastUpdateTimestamp is overwritten.
Calling getLatestPrice(_tokenId)
retrieves the correct price for the given _tokenId but an irrelevant timestamp that might correspond to a different token’s update event.
Users or external contracts relying on token-specific timestamps may be misled by this global timestamp. This could cause confusion or errors in scenarios where accurate token price update times are critical for business logic or audits.
Manual Code Review and Foundry
Introduce a mapping that stores an individual updateTimestamp for each token ID.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.