code-423n4 / 2023-08-reserve-mitigation-findings


M-10 MitigationConfirmed #17

Open code423n4 opened 1 year ago

code423n4 commented 1 year ago

Lines of code

Vulnerability details

This issue is mitigated.

Explanation of found problem

When an oracle is deprecated, price fetching will result in an error with empty data. In this case the price function will revert, which will affect a lot of functions in the protocol. This is a known issue from previous audits. In the case of this report, the problem will not allow a bidder to close the auction: when he bids, rebalancing is called, and if this rebalancing fetches the price of a deprecated oracle, the function will revert and the bid will revert as well. Because of that, it's possible that during the time before a new oracle is provided, the Dutch auction price will decrease heavily, so the next bidder will buy assets for a really low cost.

How it was fixed

The Reserve team has fixed the issue by checking whether the oracle is deprecated. In that case they throw a StalePrice error, which is not empty data, so the function will not revert and the bid will be closed at the asked price.
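The empty-data versus `StalePrice` distinction described in the comment above, as an added Solidity sketch that is not part of the original comment and is not the Reserve code. `IFeed`, `DeprecatedFeedMock`, `AssetSketch`, the sanity check on the answer and the "unpriced" fallback range are all assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Illustrative sketch only: every name here is hypothetical, not Reserve's contracts.
error StalePrice();

interface IFeed {
    function latestRoundData() external view
        returns (uint80, int256 answer, uint256, uint256 updatedAt, uint80);
}

// Stand-in for a deprecated feed: the call reverts with empty return data.
contract DeprecatedFeedMock is IFeed {
    function latestRoundData() external pure
        returns (uint80, int256, uint256, uint256, uint80) { revert(); }
}

contract AssetSketch {
    IFeed public immutable feed;
    constructor(IFeed feed_) { feed = feed_; }

    // Oracle read. An empty-data revert from the feed is re-thrown as
    // StalePrice, so the caller receives non-empty revert data.
    function tryPrice() external view returns (uint256 p) {
        try feed.latestRoundData()
            returns (uint80, int256 answer, uint256, uint256 updatedAt, uint80)
        {
            // Assumed sanity check, not taken from the page.
            if (updatedAt == 0 || answer <= 0) revert StalePrice();
            p = uint256(answer);
        } catch (bytes memory errData) {
            // The mitigation: a deprecated feed becomes a typed error.
            if (errData.length == 0) revert StalePrice();
            // Any other error is bubbled up unchanged.
            assembly { revert(add(32, errData), mload(errData)) }
        }
    }

    // Price wrapper: empty revert data is treated as fatal, any other
    // error degrades to an "unpriced" range (assumed fallback) without reverting.
    function price() external view returns (uint256 low, uint256 high) {
        try this.tryPrice() returns (uint256 p) {
            return (p, p);
        } catch (bytes memory errData) {
            // Before the fix, a deprecated feed ended up on this line.
            if (errData.length == 0) revert();
            return (0, type(uint256).max);
        }
    }
}
```

Deploying `AssetSketch` against `DeprecatedFeedMock` and calling `price()` returns the fallback range; removing the `errData.length == 0` check in `tryPrice()` makes the same call revert, which is the pre-fix behaviour that blocked bids.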

c4-judge commented 1 year ago

0xean marked the issue as satisfactory