c4-bot-2 closed this issue 6 months ago
0xEVom marked the issue as duplicate of #498
0xEVom marked the issue as sufficient quality report
0xEVom marked the issue as duplicate of #127
jhsagd76 marked the issue as satisfactory
jhsagd76 changed the severity to 3 (High Risk)
Lines of code
https://github.com/code-423n4/2024-03-revert-lend/blob/435b054f9ad2404173f36f0f74a5096c894b12b7/src/V3Oracle.sol#L368-L375
Vulnerability details
Impact
An attacker will take advantage of inaccurate prices returned for negative ticks.
Proof of Concept
The _getReferencePoolPriceX96 below does not take into account negative ticks. This oversight poses a risk, especially when (tickCumulatives[1] - tickCumulatives[0]) % secondsAgo != 0, potentially resulting in a tick value that is larger than it should be. Such discrepancies can create opportunities for price manipulations and arbitrage.
To address this issue, it's crucial to ensure that negative tick values are properly handled and rounded down to avoid inaccuracies in determining the tick value. This correction will enhance the accuracy and reliability of the pricing mechanism, reducing the potential for exploitation and manipulation in the system.
Tools Used
Manual review
Recommended Mitigation Steps
Copy the Uniswap implementation and add this line.
Assessed type
Math
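The rounding behaviour described in the Proof of Concept, shown as an added example that is not part of the original report or of the project's code: plain signed division next to the round-down adjustment that Uniswap's OracleLibrary.consult applies. The library name, function names and parameter names are hypothetical; the two cumulative values stand for tickCumulatives[0] and tickCumulatives[1] from the report.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

/// Added illustration only; all names in this library are hypothetical.
library TwapTickRounding {
    /// Mean tick using plain signed division. Solidity truncates toward
    /// zero, so a negative delta with a non-zero remainder produces a tick
    /// that is one step higher than the mathematical floor.
    function truncatedMeanTick(
        int56 tickCumulative0,
        int56 tickCumulative1,
        uint32 secondsAgo
    ) internal pure returns (int24) {
        require(secondsAgo != 0, "secondsAgo is zero");
        int56 delta = tickCumulative1 - tickCumulative0;
        return int24(delta / int56(uint56(secondsAgo)));
    }

    /// Same computation, rounded toward negative infinity: when the delta
    /// is negative and does not divide evenly, step the tick down by one.
    function flooredMeanTick(
        int56 tickCumulative0,
        int56 tickCumulative1,
        uint32 secondsAgo
    ) internal pure returns (int24 tick) {
        require(secondsAgo != 0, "secondsAgo is zero");
        int56 delta = tickCumulative1 - tickCumulative0;
        int56 period = int56(uint56(secondsAgo));
        tick = int24(delta / period);
        if (delta < 0 && (delta % period != 0)) tick--;
    }

    /// True when the two variants disagree, i.e. exactly in the case the
    /// report singles out: negative delta with a non-zero remainder.
    function roundingDiffers(
        int56 tickCumulative0,
        int56 tickCumulative1,
        uint32 secondsAgo
    ) internal pure returns (bool) {
        return truncatedMeanTick(tickCumulative0, tickCumulative1, secondsAgo)
            != flooredMeanTick(tickCumulative0, tickCumulative1, secondsAgo);
    }
}
```

A unit test that feeds a negative, non-divisible delta to both functions and asserts that they differ by one tick is a quick regression check for this class of bug.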