Not considering exponents when fetching price from Pyth causes issues

Summary

No response

Root Cause

Upon fetching a price from Pyth, we call the following code:

function currentValue() external view override returns (uint256) {
        IPyth.Price memory price = pythOracle.getPriceUnsafe(tokenId);
        require(price.publishTime < block.timestamp - noOlderThan, "Stale Price");
        return uint256(uint64(price.price));
    }

Pyth provides exponents so the price can be brought into the correct decimals. However, this is not done here, resulting in using different decimals for different assets.

Internal pre-conditions

No response

External pre-conditions

No response

Attack Path

Price is fetched from Pyth when getting the exchange rate for tokens
One asset has an exponent of 5 while another one has an exponent of 6
This results in wrong exchange rate due to not considering the exponents

Impact

Wrong exchange rate calculation causing all kinds of serious issues across the protocol such as filling orders when they shouldn't be

PoC

No response

Mitigation

Consider the exponents

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

019.md

019.md

Not considering exponents when fetching price from Pyth causes issues

Summary

Root Cause

Internal pre-conditions

External pre-conditions

Attack Path

Impact

PoC

Mitigation

Files

019.md

Latest commit

History

019.md

File metadata and controls

Not considering exponents when fetching price from Pyth causes issues

Summary

Root Cause

Internal pre-conditions

External pre-conditions

Attack Path

Impact

PoC

Mitigation