You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The updatePrice function accepts ETH payments via payable modifier but only uses the exact fee amount needed for the Pyth oracle update. Any excess ETH sent above the required fee becomes permanently trapped in the contract since there is no mechanism to withdraw or return the unused funds.
impact
msg.value-fee will stuck in the contract
POC
//@audit-issue doesn't return unused fee which will be stuck in contract and equal to msg.value - feefunction updatePrice(bytes[] calldatapriceUpdate) externalpayableoverridereturns (uint256updatedPrice) {
// Submit a priceUpdate to the Pyth contract to update the on-chain price.// Updating the price requires paying the fee returned by getUpdateFee.// WARNING: These lines are required to ensure the getPriceNoOlderThan call below succeeds. If you remove them, transactions may fail with "0x19abf40e" error.uint256 fee = pythOracle.getUpdateFee(priceUpdate);
pythOracle.updatePriceFeeds{value: fee}(priceUpdate);
IPyth.Price memory price = pythOracle.getPriceNoOlderThan(tokenId, uint256(uint64(noOlderThan)));
updatedPrice =uint256(uint64(price.price));
}
Mean Brown Barbel
Medium
Unused ETH Gets Trapped in Contract
Summary
The
updatePricefunction accepts ETH payments viapayablemodifier but only uses the exact fee amount needed for the Pyth oracle update. Any excess ETH sent above the required fee becomes permanently trapped in the contract since there is no mechanism to withdraw or return the unused funds.impact
msg.value-feewill stuck in the contractPOC
https://github.com/sherlock-audit/2024-11-oku/blob/main/oku-custom-order-types/contracts/oracle/External/PythOracle.sol#L35
Mitigation
Return the unused ETH to caller.
The text was updated successfully, but these errors were encountered: