Core Contracts
Regnum Aurum Acquisition Corp
HardhatReal World AssetsNFT
77,280 USDC
View results
Previous Next
Submission Details
Severity: medium
Invalid

values calculated using an average of multiple prices rather than using a time-accurate oracle

rockson

Summary

Time-weighted average price calculation in TimeWeightedAverage.sol introduces unintended discounts and potential losses for users, deviating from time-accurate oracle pricing.

Vulnerability Details

The calculateTimeWeightedAverage function in TimeWeightedAverage.sol calculates a price by averaging prices over a period. This approach, while seemingly smoothing out price volatility, introduces a fundamental flaw: it provides a discounted price compared to a time-accurate oracle reading at the moment of execution. Users interacting with the protocol based on this time-averaged price will receive less value than they would with a spot price from a real-time oracle.

Vulnerable Code Snippet (TimeWeightedAverage.sol):

199: function calculateTimeWeightedAverage(
200: PeriodParams[] memory periods,
201: uint256 timestamp
202: ) public pure returns (uint256 weightedAverage) {
// ... (loop and calculation logic averaging prices over time) ...
222: return totalDuration == 0 ? 0 : totalWeightedSum / (totalDuration * 1e18); // <--- Time-averaged price
223: }

Impact

Unintended Discounts and Potential User Losses. Using a time-averaged price instead of a spot price leads to:

  • Discounted Prices for Users: Users interacting with the protocol based on this averaged price will consistently receive a price that is lower than the current market price, effectively receiving less value for their assets.

  • Arbitrage Opportunities: The price discrepancy between the time-averaged price and the spot price creates arbitrage opportunities for sophisticated actors who can exploit this difference to their advantage, potentially at the expense of regular users.

  • Inaccurate System Valuation: Relying on a discounted price for core protocol operations can lead to inaccurate valuation of assets within the system, potentially impacting collateral ratios, liquidation thresholds, and overall protocol stability.

Tools Used

Manually review

Recommendations

  1. Immediate Mitigation: Replace the calculateTimeWeightedAverage function with a direct call to a time-accurate oracle for price feeds. Use Chainlink, Pyth, or another reputable oracle provider to fetch real-time spot prices.

  2. Code Review: Thoroughly review all price-dependent logic in the codebase and replace any instances of calculateTimeWeightedAverage with calls to the new time-accurate oracle price feed.

  3. Testing: Implement unit tests and integration tests to verify that the protocol now uses time-accurate oracle prices and that price calculations are correct and consistent with market conditions.

Mitigation

In GaugeController.sol._calculateReward , replace the time-weighted average price calculation with a call to a time-accurate oracle:

function _calculateReward(address gauge) internal view returns (uint256) {
// ... (other code) ...
// OLD - Time-Weighted Average Price (Vulnerable):
// uint256 periodEmission = g.gaugeType == GaugeType.RWA ? _calculateRWAEmission() : _calculateRAACEmission();
// NEW - Time-Accurate Oracle Price (Mitigated):
uint256 currentPrice = priceOracle.getLatestPrice(raacTokenId); // Example - Assuming you have a priceOracle and raacTokenId
uint256 periodEmission = currentPrice.percentMul(/* ... your emission percentage based on gauge type ... */); // Adjust emission calculation based on oracle price
return (periodEmission * gaugeShare * typeShare) / (WEIGHT_PRECISION * WEIGHT_PRECISION);
}
Updates

Lead Judging Commences

inallhonesty Lead Judge 3 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.