Bald Honeysuckle Urchin
Medium
The currentValue function retrieves price data from the Pyth Oracle but contains an incorrect comparison in the stale price check. This could lead to rejecting valid prices, potentially impacting the functionality of any contract relying on this method for price feeds.
The cause of this vulnerability is the check in lines 28-31
This check will only pass if price.publishTime less than block.timestamp - noOlderThan, which means stale price.
The comparison uses < instead of >, resulting in rejection of prices that are within the acceptable age defined by noOlderThan. This incorrect logic treats recent, valid prices as stale.
The pythOracle.getPriceUnsafe(tokenId) function must return a valid IPyth.Price object containing the publishTime field.
No response
No response
- Contracts using the
currentValuefunction will behave incorrectly due to rejected valid prices. - Automated systems depending on these price feeds could experience failures, potentially leading to financial losses or stalled operations.
- Since the function only allows stale prices, outdated or inaccurate price data could lead to incorrect calculations for swaps, resulting in a direct loss of user funds.
No response
Correct the stale price comparison logic to ensure valid prices are not incorrectly rejected. Update the condition as follows:
function currentValue() external view override returns (uint256) {
IPyth.Price memory price = pythOracle.getPriceUnsafe(tokenId);
require(
- price.publishTime < block.timestamp - noOlderThan,
+ price.publishTime > block.timestamp - noOlderThan,
"Stale Price"
);
return uint256(uint64(price.price));
}