Closed c4-bot-1 closed 5 months ago
Prob best as QA since we know that negative is only for Commodities whereas aggregators for crypto have min and max above 0
GalloDaSballo marked the issue as insufficient quality report
GalloDaSballo marked the issue as primary issue
trust1995 changed the severity to QA (Quality Assurance)
trust1995 marked the issue as grade-c
Lines of code
https://github.com/code-423n4/2024-02-wise-lending/blob/main/contracts/DerivativeOracles/PtOraclePure.sol#L103
https://github.com/code-423n4/2024-02-wise-lending/blob/main/contracts/DerivativeOracles/PendleLpOracle.sol#L118
https://github.com/code-423n4/2024-02-wise-lending/blob/main/contracts/DerivativeOracles/PtOracleDerivative.sol#L122-L126
Vulnerability details
Impact
Unsafe casting is performed in PendleLpOracle, PtOraclePure and PtOracleDerivative. Casting from int256 to uint256 when a price is negative wraps around (underflows) and returns an incorrect, very large value.
Proof of Concept
Contract functions consuming Chainlink oracles in PendleLpOracle, PtOraclePure and PtOracleDerivative perform an unsafe cast from int256 to uint256. The cast assumes that the price consistently remains positive. This might not be the case if the oracle has malfunctioned or a market crash has occurred.
Tools Used
Manual Review
Recommended Mitigation Steps
Always check that the int256 price is greater than 0 before casting it to uint256.
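As an added illustration (not the project's code), the unsafe pattern next to the checked version. The IAggregatorV3 interface is an assumed minimal stand-in for Chainlink's aggregator interface, and MockAggregator is a constructed feed for exercising both functions:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Minimal stand-in for Chainlink's AggregatorV3Interface (assumed here; only
// the one function this example needs is declared).
interface IAggregatorV3 {
    function latestRoundData()
        external view
        returns (uint80, int256, uint256, uint256, uint80);
}

contract PriceConsumerExample {
    IAggregatorV3 public immutable feed;

    constructor(IAggregatorV3 _feed) {
        feed = _feed;
    }

    // Vulnerable pattern: an explicit int256 -> uint256 conversion does not
    // revert on a negative answer. Solidity 0.8 keeps the two's-complement
    // bit pattern, so -1 becomes type(uint256).max and is treated as a price.
    function priceUnsafe() external view returns (uint256) {
        (, int256 answer, , , ) = feed.latestRoundData();
        return uint256(answer);
    }

    // Hardened pattern: reject a non-positive answer before converting.
    function priceChecked() external view returns (uint256) {
        (, int256 answer, , , ) = feed.latestRoundData();
        require(answer > 0, "oracle: non-positive price");
        return uint256(answer);
    }
}

// Constructed mock feed for exercising both functions; deploy it with a
// negative answer (e.g. -1) and compare priceUnsafe() with priceChecked().
contract MockAggregator is IAggregatorV3 {
    int256 public answer;

    constructor(int256 _answer) {
        answer = _answer;
    }
    function latestRoundData()
        external view override
        returns (uint80, int256, uint256, uint256, uint80)
    {
        return (1, answer, block.timestamp, block.timestamp, 1);
    }
}
```

With the mock deployed at answer -1, priceUnsafe() returns type(uint256).max while priceChecked() reverts, which is the behaviour the mitigation above asks for.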
Assessed type
Oracle