The getHourlyAvgTracerPrice and getHourlyAvgOraclePrice functions in Pricing return 0 if there is no trade during the given hour because of the design of averagePrice, which could mislead users that the hourly average price is 0. The same problem happens when emitting the old hourly average in the recordTrade function.
Return a special value (e.g., type(uint256).max) from averagePrice if there is no trade during the specified hour to distinguish from an actual zero price. Handle this particular value whenever the averagePrice function is called by others.
Handle
shw
Vulnerability details
Impact
The
getHourlyAvgTracerPriceandgetHourlyAvgOraclePricefunctions inPricingreturn 0 if there is no trade during the givenhourbecause of the design ofaveragePrice, which could mislead users that the hourly average price is 0. The same problem happens when emitting the old hourly average in therecordTradefunction.Proof of Concept
Referenced code: Pricing.sol#L254-L256 Pricing.sol#L262-L264 Pricing.sol#L74
Recommended Mitigation Steps
Return a special value (e.g.,
type(uint256).max) fromaveragePriceif there is no trade during the specified hour to distinguish from an actual zero price. Handle this particular value whenever theaveragePricefunction is called by others.