Open code423n4 opened 3 years ago
Informational, will address
Ended up not addressing this
Handle
s1m0
Vulnerability details
Impact
The getLatestPrice function (https://github.com/maple-labs/maple-core/blob/develop/contracts/MapleGlobals.sol#L383) doesn't check if the oracle is set for the requested asset. In case it's not set, the transaction would revert without a meaningful error.
Proof of Concept
-
Tools Used
Manual analysis.
Recommended Mitigation Steps
In getLatestPrice(), check if the oracle address is set; if it is not set, revert with a meaningful error, e.g. require(oracleFor[asset] != address(0), "MapleGlobals:ORACLE_NOT_SET");
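
The unchecked lookup beside the checked one, as an added sketch that is not part of the original report and is not the maple-core code. The `IOracle` interface, the contract name, the setter and the function bodies are assumptions; only `oracleFor`, `getLatestPrice` and the `require` line come from the report.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical oracle interface, assumed for this example.
interface IOracle {
    function getLatestPrice() external view returns (int256);
}

// Illustrative contract, not the project's MapleGlobals.
contract GlobalsSketch {
    // asset => oracle; an asset with no oracle configured reads as address(0).
    mapping(address => address) public oracleFor;

    // Hypothetical setter; access control is omitted in this sketch.
    function setOracle(address asset, address oracle) external {
        oracleFor[asset] = oracle;
    }

    // Unchecked form: for an unset asset this is a high-level call to
    // address(0), which has no code. Depending on the compiler version the
    // call fails the contract-existence check or the return-data decoding;
    // either way it reverts with empty data, so the caller sees no reason.
    function getLatestPriceUnchecked(address asset) external view returns (uint256) {
        return uint256(IOracle(oracleFor[asset]).getLatestPrice());
    }

    // Checked form: the require from the recommendation runs before the
    // external call, so an unset oracle reverts with an explicit reason.
    function getLatestPrice(address asset) external view returns (uint256) {
        address oracle = oracleFor[asset];
        require(oracle != address(0), "MapleGlobals:ORACLE_NOT_SET");
        return uint256(IOracle(oracle).getLatestPrice());
    }
}
```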