Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Dazzling Coral Sheep - the if (_isOracleStale() || isOraclePaused) check doesnt revert when oracle is stale or paused #94

Open
sherlock-admin4 opened this issue Dec 22, 2024 · 0 comments
Open

Dazzling Coral Sheep - the if (_isOracleStale() || isOraclePaused) check doesnt revert when oracle is stale or paused #94

sherlock-admin4 opened this issue Dec 22, 2024 · 0 comments
Labels
Won't Fix The sponsor confirmed this issue will not be fixed

Comments

@sherlock-admin4
Copy link
Contributor

Dazzling Coral Sheep

Medium

the if (_isOracleStale() || isOraclePaused) check doesnt revert when oracle is stale or paused

Summary

the if (_isOracleStale() || isOraclePaused) check return is wrong

Vulnerability Detail

in getEarningPower and getNewEarningPower we can see there is the if (_isOracleStale() || isOraclePaused) check doesnt revert when oracle is stale or paused and returns _amountStaked if oracle is stale or paused but the problem is it should't return the _amountStaked because this already going to be returned if _isDelegateeEligible(_delegatee) and not when oracle is stale or paused

Impact

the function doesnt revert when the oracle is stale or paused, hence oracle being stale or paused makes no changes

Code Snippet

 function getEarningPower(uint256 _amountStaked, address, /* _staker */ address _delegatee) 
    external
    view
    returns (uint256)
  {
    if (_isOracleStale() || isOraclePaused) return _amountStaked; //@audit why both returns amountstaked even when oracle stale and is eligble?
    return _isDelegateeEligible(_delegatee) ? _amountStaked : 0; //@note calculates nothing here
  }

as you saw it doesnt makes any sense at all that this check doesnt prevent anything at all
https://github.com/sherlock-audit/2024-11-tally/blob/b125d1f2b52170a3789b1060a52fc6609e6e2262/staker/src/BinaryEligibilityOracleEarningPowerCalculator.sol#L130-L158

Tool used

Manual Review

Recommendation

  • consider modiying the contracts to the way that it reverts when oracle is stale or paused as intended
@sherlock-admin3 sherlock-admin3 added the Won't Fix The sponsor confirmed this issue will not be fixed label Jan 8, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Won't Fix The sponsor confirmed this issue will not be fixed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sherlock-admin3 @sherlock-admin4