Lines of code
Vulnerability details
This issue is mitigated.
Explanation of found problem
When an oracle is deprecated, fetching its price fails with an error that carries empty data. In this case the price function reverts, which affects many functions in the protocol. This is a known issue from previous audits. In the case of this report, the problem prevents a bidder from closing an auction: when he bids, rebalancing is called, and if that rebalancing fetches the price of a deprecated oracle, the function reverts and the bid reverts as well. Because of that, it is possible that during the time it takes to provide a new oracle, the Dutch auction price decreases heavily, so the next bidder buys the assets at a really low cost.
How it was fixed
The Reserve team fixed the issue by checking whether the oracle is deprecated. In that case they throw a StalePrice error, which is not empty data, so the function does not revert and the bid is closed at the asked price.
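The following Solidity sketch is an added illustration of the empty-data versus StalePrice behaviour described above; it is not the protocol's code. Every name except StalePrice is hypothetical, and both the way deprecation is detected (catching the feed's empty-data failure) and the fallback range returned by price are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added illustration. Every name except StalePrice is hypothetical.
interface IFeed {
    function latestAnswer() external view returns (int256);
}

// Constructed stand-in for a deprecated oracle: reverts with empty data.
contract DeprecatedFeed is IFeed {
    function latestAnswer() external pure returns (int256) {
        revert();
    }
}

contract PriceSource {
    error StalePrice();

    IFeed public immutable feed;

    constructor(IFeed feed_) {
        feed = feed_;
    }

    // patched == false: the feed's empty-data revert bubbles up unchanged.
    // patched == true: it is re-thrown as StalePrice, whose revert data is
    // the 4-byte error selector and therefore not empty.
    function tryPrice(bool patched) external view returns (uint256) {
        if (!patched) return uint256(feed.latestAnswer());
        try feed.latestAnswer() returns (int256 answer) {
            return uint256(answer);
        } catch (bytes memory errData) {
            if (errData.length == 0) revert StalePrice();
            assembly { revert(add(errData, 32), mload(errData)) }
        }
    }

    // Empty error data is treated as fatal and reverts the caller (the bid);
    // any other error is handled and an assumed "no price" range is returned.
    function price(bool patched) external view returns (uint256 low, uint256 high) {
        try this.tryPrice(patched) returns (uint256 p) {
            return (p, p);
        } catch (bytes memory errData) {
            if (errData.length == 0) revert();
            return (0, type(uint256).max);
        }
    }
}
```

Deployed against DeprecatedFeed, price(false) reverts and would take any calling bid down with it, while price(true) returns the fallback range so the caller can continue.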