code-423n4 / 2023-10-opendollar-findings


Camelot Relayer using wrong CAMELOT_V3_FACTORY address ! #399

Closed c4-submissions closed 1 year ago

c4-submissions commented 1 year ago

Lines of code

https://github.com/open-dollar/od-contracts/blob/v1.5.5-audit/src/contracts/oracles/CamelotRelayer.sol#L20

Vulnerability details

Impact

The protocol will always fail to fetch an asset price. Deployment of CamelotRelayer will fail.

Proof of Concept

CamelotRelayer contracts are supposed to consult a CamelotRelayer TWAP and transform the result into a standard IBaseOracle feed. The quote obtained from the pool query is then transformed into an 18-decimal format.

However, the Camelot V3 Factory address currently in use is wrong: it is Goerli's Camelot V3 Factory address instead of Arbitrum's. This causes a major issue, as the protocol will always fail to fetch an asset price.

  address internal constant _CAMELOT_FACTORY = GOERLI_CAMELOT_V3_FACTORY;

Tools Used

Etherscan

Recommended Mitigation Steps

Use Arbitrum's address for the Camelot V3 Factory:

- address internal constant _CAMELOT_FACTORY = GOERLI_CAMELOT_V3_FACTORY;
+ address internal constant _CAMELOT_FACTORY = CAMELOT_V3_FACTORY;
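Review bot: the replacement only fixes the bug if `CAMELOT_V3_FACTORY` resolves to the Arbitrum Camelot V3 factory in the constants file the contract imports; that definition is not shown here, so confirm its value before merging. Because `_CAMELOT_FACTORY` stays a compile-time constant, the same testnet/mainnet mix-up can recur on the next deployment target; passing the factory as a constructor argument (or selecting it by `block.chainid`) and reverting at deployment when the address holds no code would make a wrong address fail loudly instead of producing a relayer that can never fetch a price.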

Assessed type

Oracle
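As an added illustration (not code from this report or from the od-contracts repository), the following relayer skeleton takes the factory address as a deployment parameter and refuses to deploy when that address holds no code on the current chain or has no pool for the requested pair, which is exactly the failure a reused testnet address produces; the IPoolFactory interface and its getPool function are assumptions, not the real Camelot V3 ABI.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Hypothetical minimal factory interface (assumption; not the real Camelot V3 ABI).
interface IPoolFactory {
    function getPool(address tokenA, address tokenB) external view returns (address);
}

/// Relayer skeleton that validates its factory at deployment instead of
/// trusting a hardcoded per-network constant.
contract GuardedRelayer {
    error FactoryHasNoCode(address factory, uint256 chainId);
    error PoolNotFound(address factory, address tokenA, address tokenB);

    address public immutable factory;
    address public immutable pool;

    constructor(address _factory, address _tokenA, address _tokenB) {
        // A testnet address reused on another chain normally points at an
        // empty account, so a code-length check catches the mix-up early.
        if (_factory.code.length == 0) {
            revert FactoryHasNoCode(_factory, block.chainid);
        }
        // Even a real factory is useless if it knows no pool for this pair.
        address _pool = IPoolFactory(_factory).getPool(_tokenA, _tokenB);
        if (_pool == address(0)) {
            revert PoolNotFound(_factory, _tokenA, _tokenB);
        }
        factory = _factory;
        pool = _pool;
    }
}
```

Deploying this against a wrong address reverts with a descriptive error, so the misconfiguration surfaces in the deployment script rather than as a permanently broken oracle.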

c4-pre-sort commented 1 year ago

raymondfam marked the issue as low quality report

c4-pre-sort commented 1 year ago

raymondfam marked the issue as duplicate of #119

c4-judge commented 1 year ago

MiloTruck changed the severity to 2 (Med Risk)

c4-judge commented 1 year ago

MiloTruck marked the issue as satisfactory