Closed code423n4 closed 2 years ago
Price can never be out of date on the OraclePassThrough or ScalingPriceOracle.
It's hard to tell if this is a real issue as the actual implementation contract is out of scope. I'll make it invalid
.
the update() function on the oracle pass through does nothing, so this is not a valid issue.
Lines of code
https://github.com/code-423n4/2022-03-volt/blob/cec24b859c69d1397ce4048b6e9b8e96410b31dd/contracts/oracle/IOracle.sol#L21
Vulnerability details
Impact
Throughout the protocol, oracles are relied upon to keep Volt stable, calculate payouts to users, and judge whether actions are eligible to be carried out. On the NonCustodialPSM contract, oracle is updated with the updateOracle function. However, there is no check is implemented if the price is out-of-date.
Proof of Concept
https://github.com/code-423n4/2022-03-volt/blob/cec24b859c69d1397ce4048b6e9b8e96410b31dd/contracts/oracle/IOracle.sol#L21
Tools Used
Code Review
Recommended Mitigation Steps
Ensure that all related oracle function implements protection mechanism If the price is out-of-dated.