Inaccurate Initial Price Calculation Due to Deployment Parameters
Summary
The update_price function is responsible for updating the token price based on supplied parameters that are verified by a prover and a verifier. However, after deployment, the initial parameters are set to very small values. When update_price is called for the first time, it calculates the token price using these initial parameters, which leads to incorrect pricing.
Vulnerability Details
At deployment, self.price_params is initialized with minimal values:
In update_price, current_price is calculated using outdated parameters before updating self.price_params:
Since the initial parameters contain small values, this results in an incorrect price calculation, inflating the first reported price.
Impact
The first call to update_price after deployment will use the initial small parameters, leading to inaccurate price updates
Tools Used
Manual Review
Recommendations
Initialize price_params with realistic values at deployment or ensure the first price update correctly accounts for external market conditions to prevent inaccurate pricee.
Lead Judging Commences
finding-hardcoded-initial-price
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.