Open c4-bot-3 opened 3 months ago
In the original issue, getRate() does not check for outdated exchange rates, which can result to incorrect calculations.
getRate()
The mitigation proposes a staleness-check:
- (uint256 _lastPrice, ) = getMintRate(); + (uint256 _lastPrice, uint256 _lastPriceTimestamp) = getMintRate(); + if (block.timestamp > _lastPriceTimestamp + 1 days) { + revert OraclePriceExpired(); + }
This mitigation succesfully mitigates the original issue. The usage of _lastPriceTimestamp and checking if block.timestamp is more than _lastPriceTimestamp + 1 days will ensure that the price can not be stale.
_lastPriceTimestamp
block.timestamp
_lastPriceTimestamp + 1 days
n/a
LGTM
alcueca marked the issue as satisfactory
Lines of code
Vulnerability details
Original Issue Summary
In the original issue,
getRate()
does not check for outdated exchange rates, which can result to incorrect calculations.Mitigation
The mitigation proposes a staleness-check:
Comments
This mitigation succesfully mitigates the original issue. The usage of
_lastPriceTimestamp
and checking ifblock.timestamp
is more than_lastPriceTimestamp + 1 days
will ensure that the price can not be stale.Suggestion
n/a
Conclusion
LGTM