c4-judge
commented
1 year ago dmvt marked the issue as duplicate of #28
Closed c4-judge closed 1 year ago
c4-judge
commented
1 year ago dmvt marked the issue as duplicate of #28
c4-judge
commented
1 year ago dmvt marked the issue as partial-50
Judge has assessed an item in Issue #80 as M risk. The relevant finding follows:
[LOW‑10] getPrice and combine will not work if expirationPeriod == 0 The following conditions will fail if expirationPeriod is set to 0. There is currently no limit that it cannot be set to 0.
Proof Of Concept 243: require( 244: (block.number - updatedAt) <= config.expirationPeriod, 245: "NFTOracle: asset price expired" 246: ); https://github.com/code-423n4/2022-11-paraspace/tree/main/paraspace-core/contracts/misc/NFTFloorOracle.sol#L243-L246
419: if (diffBlock <= config.expirationPeriod) { 420: validPriceList[validNum] = priceInfo.twap; 421: validNum++; 422: } https://github.com/code-423n4/2022-11-paraspace/tree/main/paraspace-core/contracts/misc/NFTFloorOracle.sol#L419-L422