Mean Brown Barbel - Confidence Intervals of Pyth Network's Prices Are Ignored

[sherlock-admin2]

Mean Brown Barbel

Medium

Confidence Intervals of Pyth Network's Prices Are Ignored

Summary

The prices fetched by the Pyth network come with a degree of uncertainty which is expressed as a confidence interval around the given price values. Considering a provided price p, its confidence interval σ is roughly the standard deviation of the price's probability distribution. The [official documentation of the Pyth Price Feeds](https://docs.pyth.network/documentation/pythnet-price-feeds/best-practices#confidence-intervals) recommends some ways in which this confidence interval can be utilized for enhanced security. For example, the protocol can compute the value σ / p to decide the level of the price's uncertainty and disallow user interaction with the system in case this value exceeds some threshold.

POC

    function currentValue() external view override returns (uint256) {
        IPyth.Price memory price = pythOracle.getPriceUnsafe(tokenId);
        require(price.publishTime < block.timestamp - noOlderThan, "Stale Price");
        return uint256(uint64(price.price)); 
    }

Currently, the protocol [completely ignores the confidence interval provided by the price feed. Consider utilizing the confidence interval provided by the Pyth price feed as recommended in the official documentation. This would help mitigate the possibility of users taking advantage of invalid prices.