c4-judge
commented
2 months ago jhsagd76 marked the issue as satisfactory
Open c4-bot-4 opened 3 months ago
c4-judge
commented
2 months ago jhsagd76 marked the issue as satisfactory
Lines of code
Vulnerability details
C4 Issue
M-25: Asymmetric calculation of price difference
Issue Details
V3Oracle.solused an incorrect price difference validation logic which produced inconsistent results depending on which of the prices being compared ( ChainLink & TWAP) is bigger at the moment of comparison. As a result the price difference check inside_requireMaxDifference()was not validating properly if the configured max difference is violated.Mitigation
PR-5 successfully mitigates the original issue by modifying
_requireMaxDifference()so that it always uses the primary price as the base for the price difference calculations. This way the results are always consistentConclusion
Mitigation Confirmed