code-423n4 / 2024-03-ondo-finance-findings


No oracle staleness checks #335

Closed c4-bot-8 closed 6 months ago

c4-bot-8 commented 6 months ago

Lines of code

https://github.com/code-423n4/2024-03-ondo-finance/blob/78779c30bebfd46e6f416b03066c55d587e8b30b/contracts/ousg/rOUSG.sol#L379

https://github.com/code-423n4/2024-03-ondo-finance/blob/78779c30bebfd46e6f416b03066c55d587e8b30b/contracts/ousg/ousgInstantManager.sol#L480

Vulnerability details

Impact

The oracle returns a price and a timestamp, but the timestamp is ignored. This allows the protocol to use stale price data and could lead to malicious users deliberately taking advantage of this for a profit.

Proof of Concept

2 occurrences of this issue

https://github.com/code-423n4/2024-03-ondo-finance/blob/78779c30bebfd46e6f416b03066c55d587e8b30b/contracts/ousg/ousgInstantManager.sol#L480

https://github.com/code-423n4/2024-03-ondo-finance/blob/78779c30bebfd46e6f416b03066c55d587e8b30b/contracts/ousg/rOUSG.sol#L379

(price, ) = oracle.getPriceData();

Tools Used

Manual Review

Recommended Mitigation Steps

Validate the timestamp, ideally within a minimum threshold of block.timestamp so the protocol is automatically protected from outdated prices.

Assessed type

Oracle
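The following is an added illustration of the mitigation described in the finding; it is not code from the report or from the Ondo repository. The `IPriceOracle` interface name, the `FreshPriceReader` contract and the `maxPriceAge` bound are assumptions; only the `getPriceData()` call shape comes from the page.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.16;

/// Assumed interface (hypothetical name): the page shows
/// `(price, ) = oracle.getPriceData();` and states that the second
/// return value is the timestamp of the price.
interface IPriceOracle {
    function getPriceData() external view returns (uint256 price, uint256 timestamp);
}

/// Added example contract: reads the oracle and enforces price freshness.
contract FreshPriceReader {
    error InvalidPrice();
    error FutureTimestamp(uint256 priceTimestamp);
    error StalePrice(uint256 priceTimestamp, uint256 maxAge);

    IPriceOracle public immutable oracle;
    /// Maximum accepted age of a price, in seconds (deployment-chosen; assumption).
    uint256 public immutable maxPriceAge;

    constructor(IPriceOracle _oracle, uint256 _maxPriceAge) {
        oracle = _oracle;
        maxPriceAge = _maxPriceAge;
    }

    /// Pattern flagged by the finding: the timestamp is discarded, so a
    /// price that stopped updating long ago is accepted without complaint.
    function getPriceUnchecked() external view returns (uint256 price) {
        (price, ) = oracle.getPriceData();
    }

    /// Hardened pattern: keep the timestamp and reject a zero price, a
    /// timestamp from the future, or a price older than maxPriceAge.
    function getPriceChecked() external view returns (uint256 price) {
        uint256 updatedAt;
        (price, updatedAt) = oracle.getPriceData();
        if (price == 0) revert InvalidPrice();
        if (updatedAt > block.timestamp) revert FutureTimestamp(updatedAt);
        if (block.timestamp - updatedAt > maxPriceAge) {
            revert StalePrice(updatedAt, maxPriceAge);
        }
    }
}
```

Reverting on staleness rather than returning the old value means minting and redemption paths that depend on the price halt until the oracle is refreshed, which is the automatic protection the mitigation asks for.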

c4-pre-sort commented 6 months ago

0xRobocop marked the issue as duplicate of #282

c4-pre-sort commented 6 months ago

0xRobocop marked the issue as duplicate of #144

c4-judge commented 6 months ago

3docSec marked the issue as unsatisfactory: Out of scope