Incorrect Handling of No Price Change in update_price() in the ScrvusdOracleV2
Summary
The update_price function incorrectly returns 0 when the new_price is equal to the current_price. This behavior is misleading, as it implies that the price has dropped to zero, which is not the case. Instead, the function should return the current price or a value indicating no change.
Vulnerability Details
The function calculates the absolute relative price change as follows:
If
new_price > current_price, it returns the positive relative change.If
new_price < current_price, it returns the negative relative change.If
new_price == current_price, it returns0.
The issue arises when
new_price == current_price. Returning0in this case is misleading, as it does not accurately represent the situation (no price change).
Impact
Misleading Behavior: Returning
0when there is no price change could lead to incorrect assumptions, such as the price dropping to zero.User Confusion: Users or external systems relying on this function might misinterpret the result, leading to incorrect decisions or actions.
Inconsistent Behavior: The function does not handle the "no change" scenario in a meaningful way, reducing its reliability.
Tools Used
Manual code review
Recommendations
Modify the Function to Return the Current Price:
Update the function to return the current price when
new_price == current_price:
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.