Little Clay Parakeet - PythOracle Staleness check is inverted #887

Open
sherlock-admin3 opened this issue Dec 9, 2024 · 0 comments

Little Clay Parakeet

Medium

PythOracle Staleness check is inverted

Summary

The Stale Price check in the PythOracle contract is inverted. This would lead to two things:

  1. Transaction reverts if the latest price publishTime is >= block.timestamp - noOlderThan, which could happen very often if it's a frequently updated price feed. Every contract that uses this price wouldn't be able to work.
  2. The prices would have been older than PythOracle.noOlderThan

Root Cause

The Stale price check is inverted.

Internal pre-conditions

No response

External pre-conditions

Price feed not updated in the last PythOracle.noOlderThan seconds.

Attack Path

  1. User waits for the oracle to not be updated and also checks that his tokenIn has dropped in value.
  2. He manages to get the previous stale price for higher USDC value on his tokenIn than the actual current value.

Impact

No response

PoC

No response

Mitigation

Revert the Stale Price check
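
The inverted comparison this report describes, shown beside the corrected one. This is an added example, not the audited contract's source and not part of the original submission: `publishTime` and `noOlderThan` come from the report, while the contract, function and error names are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration. Only publishTime and noOlderThan are taken from the
// report; every other identifier here is hypothetical.
contract StalenessCheckExample {
    error StalePrice(uint256 publishTime, uint256 oldestAllowed);

    // Maximum accepted age of a price, in seconds.
    uint256 public immutable noOlderThan;

    constructor(uint256 _noOlderThan) {
        noOlderThan = _noOlderThan;
    }

    // Inverted form, as the report describes it: reverts when
    // publishTime >= block.timestamp - noOlderThan (a fresh price)
    // and lets any older price through.
    function requireFreshInverted(uint256 publishTime) public view {
        // Checked subtraction: reverts if noOlderThan > block.timestamp.
        uint256 oldestAllowed = block.timestamp - noOlderThan;
        if (publishTime >= oldestAllowed) {
            revert StalePrice(publishTime, oldestAllowed);
        }
    }

    // Corrected form: reverts only when the price was published before
    // the start of the accepted window.
    function requireFresh(uint256 publishTime) public view {
        uint256 oldestAllowed = block.timestamp - noOlderThan;
        if (publishTime < oldestAllowed) {
            revert StalePrice(publishTime, oldestAllowed);
        }
    }
}
```

A unit test for the corrected check should cover both sides of the boundary: a price published exactly at `block.timestamp - noOlderThan` is accepted, and one published a second earlier reverts.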
