The protocol interacts with tokens that use oracles, and multiple checks are enforced whenever the oracle rates are read, such as expiration and validity checks.
However, the protocol still allows stale oracle rates to be used.
For example, inside swap_exact_out a user is able to perform a swap with a stale oracle:
self.update_rates();
let rates = self.get_scaled_rates(&self.pool.token_rates)?;
This is because the flow of the rate checker does not revert when the price is stale.
This risk is also warned about in the Aleph Zero documentation:
// Be aware the risk of oracle manipulation attack.
As it stands now, there are no safety measures implemented to prevent the use of stale oracles.
Impact
This could enable users to profit from a token with multiple oracles if the protocol relies on a stale oracle while the others remain up-to-date, thereby creating an opportunity for gain.
Recommendation
Address the use of stale oracles; for instance, revert in the rate checker function if the new rate price equals the old rate price. Currently it does not revert but simply returns false.
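The pattern behind the finding and its fix, as an added example that is not the audited project's code: a rate checker that reports staleness as a bool the swap path can ignore, next to a hardened checker that returns an error the swap must propagate. It uses a maximum rate age rather than the old-equals-new comparison named in the recommendation. Every name here (Pool, OracleRate, checked_rate, quote_exact_out, max_rate_age, the token names, prices and timestamps) is assumed, and the sample pool is constructed for the illustration.

```rust
// Added illustration, not the audited project's code: all names are assumed.
use std::collections::HashMap;

/// One oracle reading: price scaled by 1e18 plus the time it was produced.
#[derive(Clone, Copy, Debug, PartialEq)]
pub struct OracleRate {
    pub price: u128,
    pub updated_at: u64, // unix seconds
}

#[derive(Debug, PartialEq)]
pub enum RateError {
    MissingOracle(&'static str),
    ZeroPrice(&'static str),
    StaleRate { token: &'static str, age: u64, max_age: u64 },
    Overflow,
}

pub struct Pool {
    pub token_rates: HashMap<&'static str, OracleRate>,
    /// Oldest reading the pool is willing to price against, in seconds.
    pub max_rate_age: u64,
}

const SCALE: u128 = 1_000_000_000_000_000_000;

impl Pool {
    /// Weak pattern from the finding: staleness comes back as a `bool`.
    pub fn rate_is_fresh(&self, token: &str, now: u64) -> bool {
        match self.token_rates.get(token) {
            Some(r) => now.saturating_sub(r.updated_at) <= self.max_rate_age,
            None => false,
        }
    }

    /// Weak swap quote: calls the checker, discards the result and prices
    /// with whatever rate is stored, stale or not.
    pub fn quote_exact_out_unchecked(&self, token_in: &str, token_out: &str, amount_out: u128, now: u64) -> u128 {
        let _ = self.rate_is_fresh(token_in, now) && self.rate_is_fresh(token_out, now);
        let r_in = self.token_rates[token_in];
        let r_out = self.token_rates[token_out];
        amount_out * r_out.price / r_in.price
    }

    /// Hardened checker: a missing, zero or stale rate is an error, so the
    /// caller cannot proceed on it by accident.
    pub fn checked_rate(&self, token: &'static str, now: u64) -> Result<OracleRate, RateError> {
        let rate = self.token_rates.get(token).copied().ok_or(RateError::MissingOracle(token))?;
        if rate.price == 0 {
            return Err(RateError::ZeroPrice(token));
        }
        let age = now.saturating_sub(rate.updated_at);
        if age > self.max_rate_age {
            return Err(RateError::StaleRate { token, age, max_age: self.max_rate_age });
        }
        Ok(rate)
    }

    /// Hardened swap quote: amount of `token_in` owed for `amount_out` of
    /// `token_out`, rounded up in the pool's favour. Any rate error aborts.
    pub fn quote_exact_out(&self, token_in: &'static str, token_out: &'static str, amount_out: u128, now: u64) -> Result<u128, RateError> {
        let r_in = self.checked_rate(token_in, now)?;
        let r_out = self.checked_rate(token_out, now)?;
        let numerator = amount_out.checked_mul(r_out.price).ok_or(RateError::Overflow)?;
        let rounded = numerator.checked_add(r_in.price - 1).ok_or(RateError::Overflow)?;
        Ok(rounded / r_in.price)
    }
}

/// Constructed sample: both oracles last updated at t=1000, 60 s tolerance.
pub fn sample_pool() -> Pool {
    let mut token_rates = HashMap::new();
    token_rates.insert("TOKEN_A", OracleRate { price: SCALE, updated_at: 1_000 });
    token_rates.insert("TOKEN_B", OracleRate { price: 2 * SCALE, updated_at: 1_000 });
    Pool { token_rates, max_rate_age: 60 }
}

fn main() {
    let pool = sample_pool();
    // Fresh at t=1030: 10 TOKEN_B costs 20 TOKEN_A.
    println!("{:?}", pool.quote_exact_out("TOKEN_A", "TOKEN_B", 10, 1_030));
    // At t=1100 both readings are 100 s old: the hardened path refuses,
    // the weak path still quotes on the stale rate.
    println!("{:?}", pool.quote_exact_out("TOKEN_A", "TOKEN_B", 10, 1_100));
    println!("{}", pool.quote_exact_out_unchecked("TOKEN_A", "TOKEN_B", 10, 1_100));
}
```

The point of the hardened version is that `checked_rate` cannot be called without handling its `Result`, so a swap path that forgets to check freshness fails to compile rather than silently pricing on an old reading.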
External contracts malfunctioning/not working as intended (such as returning a stale rate) is out of scope as stated in the scope section in the audit description.
Github username: --
Twitter username: --
Submission hash (on-chain): 0x0e73900be4d4c81eec54eabb7d03c9d6a4128d5de03a5aaa6f03c4f012681a70
Severity: medium