Chilly Wool Ladybug - Incorrect address of oracle in DualOracleChainlinkUniV3 #566

Open
sherlock-admin4 opened this issue Feb 17, 2025 · 0 comments


Chilly Wool Ladybug

Medium

Incorrect address of oracle in DualOracleChainlinkUniV3

Summary

DualOracleChainlinkUniV3 has a hardcoded static oracle address that does not correspond to a valid contract on Base. All calls to _updateExchangeRate() will revert, breaking the protocol on Base.

Root Cause

getPrices uses a static oracle:

```solidity
function getPrices() external view returns (bool _isBadData, uint256 _priceLow, uint256 _priceHigh) {
    address[] memory _pools = new address[](1);
    _pools[0] = UNI_V3_PAIR_ADDRESS;
    // The static oracle address is hardcoded in the function body
    uint256 _price1 = IStaticOracle(0xB210CE856631EeEB767eFa666EC7C1C57738d438).quoteSpecificPoolsWithTimePeriod(
        ORACLE_PRECISION, BASE_TOKEN, QUOTE_TOKEN, _pools, TWAP_DURATION
    );
    // ... (remainder of the function is not shown in the report)
}
```

The issue is that 0xB210CE856631EeEB767eFa666EC7C1C57738d438 is not an oracle on Base.

Internal Pre-conditions

None

External Pre-conditions

None

Attack Path

Because it is in a function and not in the constructor, the DualOracle will be deployed, but getPrices will always revert.

Impact

oracle.getPrices() is called in _updateExchangeRate(). This means all the FraxlendPairCore functions will break on Base, essentially rendering a key functionality of the protocol useless on that chain.

PoC

No response

Mitigation

No response
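
One way to move this failure from runtime to deployment time, as an added example that is not part of the original report or the project's code: the static oracle address becomes a per-chain constructor argument and the constructor rejects any address with no code. The contract name, `_requireCode`, `twapPrice`, the `NoCodeAtAddress` error and the interface parameter types are assumptions for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Minimal interface; parameter types are assumed from the call shown in the report.
interface IStaticOracle {
    function quoteSpecificPoolsWithTimePeriod(
        uint128 baseAmount, address baseToken, address quoteToken,
        address[] calldata pools, uint32 period
    ) external view returns (uint256 quoteAmount);
}

// Hypothetical contract: only the TWAP leg of a dual oracle is sketched here.
contract ConfigurableTwapOracle {
    error NoCodeAtAddress(address target);

    uint128 public constant ORACLE_PRECISION = 1e18; // assumed value
    IStaticOracle public immutable STATIC_ORACLE;
    address public immutable UNI_V3_PAIR_ADDRESS;
    address public immutable BASE_TOKEN;
    address public immutable QUOTE_TOKEN;
    uint32 public immutable TWAP_DURATION;

    constructor(address staticOracle, address pair, address baseToken, address quoteToken, uint32 twapDuration) {
        // A wrong per-chain address now aborts the deployment instead of
        // producing a contract whose price function always reverts.
        _requireCode(staticOracle);
        _requireCode(pair);
        _requireCode(baseToken);
        _requireCode(quoteToken);
        STATIC_ORACLE = IStaticOracle(staticOracle);
        UNI_V3_PAIR_ADDRESS = pair;
        BASE_TOKEN = baseToken;
        QUOTE_TOKEN = quoteToken;
        TWAP_DURATION = twapDuration;
    }

    function _requireCode(address target) private view {
        if (target.code.length == 0) revert NoCodeAtAddress(target);
    }

    function twapPrice() external view returns (uint256) {
        address[] memory pools = new address[](1);
        pools[0] = UNI_V3_PAIR_ADDRESS;
        return STATIC_ORACLE.quoteSpecificPoolsWithTimePeriod(
            ORACLE_PRECISION, BASE_TOKEN, QUOTE_TOKEN, pools, TWAP_DURATION
        );
    }
}
```

A code-length check only proves that something is deployed at the address, not that it is the intended oracle, so a fork test that calls the price function against the target chain is still needed before deployment.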
