Closed c4-submissions closed 10 months ago
Invalid
bytes032 marked the issue as insufficient quality report
GalloDaSballo (sponsor) disputed
jhsagd76 marked the issue as unsatisfactory: Invalid
Obviously, this report doesn't point out any code details
Lines of code
https://github.com/code-423n4/2023-10-badger/blob/f2f2e2cf9965a1020661d179af46cb49e993cb7e/packages/contracts/contracts/PriceFeed.sol#L98
Vulnerability details
Impact
fetchPrice is indirectly accessed in the following public functions: addColl, withdrawColl, withdrawDebt, repayDebt, adjustCdp, adjustCdpWithColl, liquidate, partiallyLiquidate, syncGlobalAccountingAndGracePeriod, setGracePeriod, redeemCollateral, redeemCollateral. When there are multiple requests within a block, it is possible that fetchPrice sends a different price based on CASE 1 to CASE 5 inside the fetchPrice method.
fetchPrice within a block
Proof of Concept
https://github.com/code-423n4/2023-10-badger/blob/f2f2e2cf9965a1020661d179af46cb49e993cb7e/packages/contracts/contracts/PriceFeed.sol#L98
Tools Used
Manual review
Recommended Mitigation Steps
File: contracts/PriceFeed.sol
Assessed type
Oracle