Skip to content

Latest commit

 

History

History
90 lines (68 loc) · 3.4 KB

017.md

File metadata and controls

90 lines (68 loc) · 3.4 KB

Low Tangerine Cod

Medium

Synthetix orders will not be executable enough gas for the Pyth oracle

Summary

The admin doesn't provide enough gas for the Pyth oracle.

Root Cause

Protocol liquidates user's positions by taking a short position in Synthetix. Later, admin should be able to execute those positions in Synthetix to maintain automint. Admin calls executeOrdersInSynthetix -> executeOrdersInSynthetix executeOffchainDelayedOrder passed 1 wei which is not enough to upda pyth oracle, this mean transaction will reverts

     function executeOrdersInSynthetix(
        bytes[] calldata priceUpdateData
    ) external onlyBorrowingContract {
        // Execute the submitted order
        synthetixPerpsV2.executeOffchainDelayedOrder{value: 1}(address(this), priceUpdateData);
    }

0xVolodya/blob/d4c790d2a7fcf4998effcb2490c7a9fba97ad465/Blockchain/Blockchian/contracts/Core_logic/borrowLiquidation.sol#L385 This is code from syntetyx, as we can see its requirements to pass fee

    function executeOffchainDelayedOrder(address account, bytes[] calldata priceUpdateData) external payable onlyProxy {
        // important!: order of the account, not the sender!
        DelayedOrder memory order = marketState.delayedOrders(account);
        // check that a previous order exists
        require(order.sizeDelta != 0, "no previous order");

        require(order.isOffchain, "use onchain method");

        // update price feed (this is payable)
->>        _perpsV2ExchangeRate().updatePythPrice.value(msg.value)(messageSender, priceUpdateData);

        // get latest price for asset
        uint maxAge = _offchainDelayedOrderMaxAge(_marketKey());
        uint minAge = _offchainDelayedOrderMinAge(_marketKey());

        (uint currentPrice, uint executionTimestamp) = _offchainAssetPriceRequireSystemChecks(maxAge);

        require((executionTimestamp > order.intentionTime), "price not updated");
        require((executionTimestamp - order.intentionTime > minAge), "executability not reached");
        require((block.timestamp - order.intentionTime < maxAge), "order too old, use cancel");

        _executeDelayedOrder(
            account,
            order,
            currentPrice,
            0,
            _takerFeeOffchainDelayedOrder(_marketKey()),
            _makerFeeOffchainDelayedOrder(_marketKey())
        );
    }

contracts/PerpsV2MarketDelayedExecution.sol#L114

Internal pre-conditions

No response

External pre-conditions

No response

Attack Path

No response

Impact

protocol will not be able to executed orders to get profit. Profits or losses are realized only when the order is executed.

PoC

No response

Mitigation

pass pythoracle fee.

    function executeOrdersInSynthetix(
        bytes[] calldata priceUpdateData
    ) external onlyBorrowingContract {
        // Execute the submitted order
-        synthetixPerpsV2.executeOffchainDelayedOrder{value: 1}(address(this), priceUpdateData);
+        uint256 updateFee = pythOracle.getUpdateFee(priceUpdateData);
+        synthetixPerpsV2.executeOffchainDelayedOrder{value: updateFee}(address(this), priceUpdateData);
    }