code-423n4 / 2023-10-opendollar-findings

CamelotRelayer uses wrong interface for CamelotPair #436

Closed c4-submissions closed 1 year ago

c4-submissions commented 1 year ago

Lines of code

https://github.com/Uniswap/v3-periphery/blob/697c2474757ea89fec12a4e6db16a574fe259610/contracts/libraries/OracleLibrary.sol#L16-L41
https://github.com/Uniswap/v3-periphery/blob/697c2474757ea89fec12a4e6db16a574fe259610/contracts/libraries/OracleLibrary.sol#L74-L88
https://github.com/CamelotLabs/core/blob/b51753e816de02e591acb2c07dc9eed7a4179a68/contracts/CamelotPair.sol#L10

Vulnerability details

Impact

The CamelotRelayer uses the OracleLibrary as an interface for accessing oracle data from the CamelotPair contract, which is the Camelot DEX's equivalent of a pool, using the OracleLibrary from UniswapV3Pool's periphery contracts, but because the CamelotPair doesn't implement the same interface as a UniswapV3Pool, calls to the CamelotRelayer's functions will revert.

Proof of Concept

Calling the getResultWithValidity function in CamelotRelayer tries to call the getOldestObservationSecondsAgo and consult functions in the OracleLibrary.

However, when the getOldestObservationSecondsAgo function tries to call the observations variable on IUniswapV3Pool, it will revert because there is no observations variable defined on the CamelotPair pool.

The same applies to the consult function, which tries to call the observe function on the CamelotPair pool, which doesn't define this function.

Tools Used

Manual Review

Recommended Mitigation Steps

Implement a CamelotRelayer that uses the interface of the CamelotPair to retrieve values.

Assessed type

Context
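
A deploy-time guard for the failure described in the report above, as an added example that is not part of the original submission or the project's code: it probes a pool for the two Uniswap V3 members the report names (`observations` and `observe`) and reverts if either is absent. `OracleSurfaceProbe`, `GuardedRelayer` and the error names are hypothetical; the two function signatures are those of the Uniswap V3 pool interface.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// The two Uniswap V3 pool members the report says OracleLibrary reaches for.
interface IUniswapV3PoolOracle {
    function observations(uint256 index)
        external view
        returns (uint32, int56, uint160, bool);

    function observe(uint32[] calldata secondsAgos)
        external view
        returns (int56[] memory, uint160[] memory);
}

// Hypothetical helper (not project code).
library OracleSurfaceProbe {
    error NotAContract(address pool);
    error MissingOracleMember(address pool, bytes4 selector);

    function requireV3OracleSurface(address pool) internal view {
        if (pool.code.length == 0) revert NotAContract(pool);

        // observations(0) returns four static words: 4 * 32 = 128 bytes.
        _probe(pool, abi.encodeCall(IUniswapV3PoolOracle.observations, (uint256(0))), 128);

        // observe([0]) returns two one-element arrays:
        // 2 offsets + 2 * (length + element) = 192 bytes.
        uint32[] memory secondsAgos = new uint32[](1);
        _probe(pool, abi.encodeCall(IUniswapV3PoolOracle.observe, (secondsAgos)), 192);
    }

    // Low-level staticcall instead of try/catch: a pool whose fallback returns
    // short data would make ABI decoding revert outside the catch clause.
    function _probe(address pool, bytes memory callData, uint256 minReturn) private view {
        (bool ok, bytes memory ret) = pool.staticcall(callData);
        if (!ok || ret.length < minReturn) {
            revert MissingOracleMember(pool, bytes4(callData));
        }
    }
}

// Hypothetical relayer skeleton: refuses to deploy against an incompatible pool.
contract GuardedRelayer {
    address public immutable pool;
    constructor(address _pool) {
        OracleSurfaceProbe.requireV3OracleSurface(_pool);
        pool = _pool;
    }
}
```

An uninitialized Uniswap V3 pool also fails the `observe` probe, so the guard is meant to run against a pool that has already been initialized.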

c4-pre-sort commented 1 year ago

raymondfam marked the issue as low quality report

c4-pre-sort commented 1 year ago

raymondfam marked the issue as duplicate of #119

c4-judge commented 1 year ago

MiloTruck marked the issue as not a duplicate

c4-judge commented 1 year ago

MiloTruck marked the issue as duplicate of #156

c4-judge commented 1 year ago

MiloTruck marked the issue as satisfactory