search

code-423n4 / 2023-12-initcapital-findings

3 stars 3 forks source link

Api3OracleReader may be unavailable up to 1 hour if the timestamp of the price from the Api3Server is bigger than the current block.timestamp #39

Closed c4-bot-3 closed 10 months ago

c4-bot-3 commented 11 months ago

Lines of code

https://github.com/code-423n4/2023-12-initcapital/blob/main/contracts/oracle/Api3OracleReader.sol#L87

Vulnerability details

Impact

Oracle unavailable for up to 1 hour, which could lead to positions going underwater and being liquidated when it becomes live again, without users having the chance to repay/collateralize.

Proof of Concept

The airnode code has a note concerning this behaviour: /// @dev Reverts if the timestamp is from more than 1 hour in the future It means that the prices can be up to 1 hour in the future.

This modifier is triggered when updating prices in processBeaconUpdate(), setting the dataFeed, which is read in _readDataFeedWithId(), called initially in readDataFeedWithId().

Then, in the Api3OracleReader, the following check may underflow if the timestamp is in the future: _require(block.timestamp - timestamp <= dataFeedInfo.maxStaleTime, Errors.MAX_STALETIME_EXCEEDED);.

Tools Used

Vscode Foundry

Recommended Mitigation Steps

Limit the timestamp to be at most block.timestamp.

Assessed type

Under/Overflow

JeffCX commented 10 months ago

duplicate of #4

c4-judge commented 10 months ago

hansfriese marked the issue as duplicate of #4

c4-judge commented 10 months ago

hansfriese marked the issue as satisfactory