search

code-423n4 / 2024-04-revert-mitigation-findings

1 stars 1 forks source link

ADD-01 MitigationConfirmed #59

Open c4-bot-9 opened 5 months ago

c4-bot-9 commented 5 months ago

Lines of code

Vulnerability details

C4 Issue

ADD-01: Improper return of chainlinkReferencePriceX96 in V3Oracle._getReferenceTokenPriceX96()

Issue Details

In certain situations, cachedChainlinkReferencePriceX96 did not prevent the reevaluation of the price of referenceToken in V3Oracle.getValue().

Mitigation

PR-13 successfully mitigates the original issue by introducing the following change:

    function _getReferenceTokenPriceX96(address token, uint256 cachedChainlinkReferencePriceX96)
        internal
        view
        returns (uint256 priceX96, uint256 chainlinkReferencePriceX96)
    {
        if (token == referenceToken) {
-           return (Q96, chainlinkReferencePriceX96);
+           return (Q96, cachedChainlinkReferencePriceX96);
        }

        [...]
    }

Conclusion

Mitigation Confirmed

c4-judge commented 5 months ago

jhsagd76 marked the issue as satisfactory

c4-judge commented 5 months ago

jhsagd76 marked the issue as confirmed for report