The updatePrice function allows the nextPrice to be set to the same value as currentPrice, which could prevent the
commitPrice functionality from updating effectively. This issue may allow stale prices to persist and prevent the oracle
from accurately reflecting price changes.
Impact:
Commitment Failure: When nextPrice is equal to currentPrice, it could lead to failure in commitPrice, keeping the
system from updating to the correct price.
Stale Data: This could lead to stale data and disrupt services relying on the price feed.
Proof of Concept:
function testUpdatePriceNoChange() public {
    uint256 price = yieldOracle.currentPrice();
    yieldOracle.updatePrice(price); // No change in price
    // check that nextPrice and currentPrice are the same
    assertEq(yieldOracle.nextPrice(), price, "Prices should not match to allow commit");
}
Recommended Mitigation:
Add a check to enforce that the price parameter must be greater than currentPrice and within the maxPriceIncrease limit:
require(price > currentPrice && price - currentPrice <= maxPriceIncrease, "Price out of bounds");
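A regression test for the recommended check, added here as an example; it is not code from the report or from the eurodollar-protocol repository. OracleModel is a hypothetical minimal stand-in for YieldOracle (only the function and variable names come from the report; the starting price and the bound are constructed values), and the test assumes Foundry's forge-std.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Hypothetical minimal model of a two-step price oracle; NOT the project's YieldOracle.
// Access control and commit timing are omitted; only the bounds check is modelled.
contract OracleModel {
    uint256 public currentPrice = 1e18;       // constructed starting value
    uint256 public nextPrice = 1e18;
    uint256 public maxPriceIncrease = 0.1e18; // constructed bound

    function updatePrice(uint256 price) external {
        // Check recommended in the report: strictly greater and within the bound.
        require(price > currentPrice && price - currentPrice <= maxPriceIncrease, "Price out of bounds");
        nextPrice = price;
    }

    function commitPrice() external {
        currentPrice = nextPrice;
    }
}

contract OracleModelTest is Test {
    OracleModel internal oracle;

    function setUp() public {
        oracle = new OracleModel();
    }

    function testRejectsUnchangedPrice() public {
        uint256 price = oracle.currentPrice();
        vm.expectRevert(bytes("Price out of bounds"));
        oracle.updatePrice(price); // the no-change case from the proof of concept
    }

    function testAcceptsIncreaseAtBoundAndCommits() public {
        uint256 price = oracle.currentPrice() + oracle.maxPriceIncrease();
        oracle.updatePrice(price);
        oracle.commitPrice();
        assertEq(oracle.currentPrice(), price);
    }

    function testRejectsIncreaseAboveBound() public {
        uint256 price = oracle.currentPrice() + oracle.maxPriceIncrease() + 1;
        vm.expectRevert(bytes("Price out of bounds"));
        oracle.updatePrice(price);
    }
}
```

Run with `forge test`. Because the comparison is strict, the same require also rejects any price below currentPrice.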
GitHub username: @codertjay
Twitter username: codertjay
Submission hash (on-chain): 0x2d8b300f1bbeb5ec78ff4ff85342a08df891f299a34cf9ac17ed993374872331
Severity: low
https://github.com/eurodollar-fi/eurodollar-protocol/blob/3900ae6a01f5c60146d314bf45b2ab67179422d1/src/YieldOracle.sol#L80