search

code-423n4 / 2024-04-revert-mitigation-findings

1 stars 1 forks source link

H-05 MitigationConfirmed #10

Open c4-bot-7 opened 4 months ago

c4-bot-7 commented 4 months ago

Lines of code

Vulnerability details

C4 issue

H-05: _getReferencePoolPriceX96() will show incorrect price for negative tick deltas in current implementation cause it doesn't round up for them

Comment

In the original implementation, whenever Uniswap twap tick is calculated, the code does not round down the result as suggested by uniswap code

secondsAgos[0] = 0; // from (before)
            secondsAgos[1] = twapSeconds; // from (before)
            (int56[] memory tickCumulatives,) = pool.observe(secondsAgos); // pool observe may fail when there is not enough history available (only use pool with enough history!)
            int24 tick = int24((tickCumulatives[0] - tickCumulatives[1]) / int56(uint56(twapSeconds)));

This makes the result tick bigger then it should be.

Mitigation:

PR #10 The mitigation code will round down tick every time twap price is used:

secondsAgos[0] = 0; // from (before)
            secondsAgos[1] = twapSeconds; // from (before)
            (int56[] memory tickCumulatives,) = pool.observe(secondsAgos); // pool observe may fail when there is not enough history available (only use pool with enough history!)
            int24 tick = int24((tickCumulatives[0] - tickCumulatives[1]) / int56(uint56(twapSeconds)));
            if (
                tickCumulatives[0] - tickCumulatives[1] < 0
                    && (tickCumulatives[0] - tickCumulatives[1]) % int32(twapSeconds) != 0
            ) tick--;

The mitigation solved the original issue

Conclusion

LGTM

c4-judge commented 4 months ago

jhsagd76 marked the issue as satisfactory