`PendleTokenCustomOracle.latestAnswer` function uses `IUniswapV3Pool(uniPool).slot0` that is susceptible to flashloan exploits

[hats-bug-reporter[bot]]

Github username: -- Twitter username: -- Submission hash (on-chain): 0xa329bca26cdbfb9bbedfe14275215e91c306ad2fbbb8f0574dd71ad42a59c46c Severity: medium

Description:

Description

• PendleTokenCustomOracle.latestAnswer function uses IUniswapV3Pool(uniPool).slot0 to fetch the tick value that is going to be used to calculate the quote, wher slot0 represents the most recent data point and is extremely easy to manipulate with flashloans.

Impact

Price of asset can be easily manipulate to cause loss of funds for the protocol and users.

Code Instance

PendleTokenCustomOracle.latestAnswer function

 (
            ,
            int24 tick
            ,
            ,
            ,
            ,
            ,
        ) = IUniswapV3Pool(uniPool).slot0();

Tool used

Manual Review

Recommendation

Use a TWAP oracle to get the price instead of using slot0.

[vonMangoldt]

Out of scope.. See scope here:

https://app.hats.finance/audit-competitions/wise-lending-0xa2ca45d6e249641e595d50d1d9c69c9e3cd22573/scope

This was just for mainnet fork testing and not intended to be deployed