Shambolic Mint Dinosaur
High
The Market.sol contract does not validate the oracle's timestamp freshness. If the oracle returns stale data, positions may settle at outdated prices.
In https://github.com/sherlock-audit/2025-01-perennial-v2-4-update/blob/main/perennial-v2/packages/core/contracts/Market.sol#L503 the contract does not validate the oracle's timestamp freshness. It might therefore use outdated/stale prices in operations.
No response
No response
No response
Oracles periodically push price data on-chain. If the smart contract does not validate the timestamp of the oracle's latest update, it might use outdated (stale) prices for operations leading to: 1.Inaccurate Operations: Stale prices might not reflect the current market conditions, leading to incorrect collateralization ratios, trade executions, or liquidation thresholds. 2.Economic Losses: Users may lose funds due to improper liquidations or overpayment for swaps caused by stale prices.
No response
Add checks for oracleVersion.timestamp against a MAX_DELAY.