Closed sherlock-admin closed 1 year ago
GalloDaSballo
medium
The Price feed for wstETH is accepting the price at face value instead of checking for the recency of the oracle
https://github.com/notional-finance/leveraged-vaults/blob/91b96a456a6ada5a7f73ecf420e4ac5bf6797b45/contracts/trading/oracles/wstETHChainlinkOracle.sol#L43-L44
Feed may have not been updated due to network conditions.
The system may accept a price that is not consistent with reality, which would allow for MEV.
MEV extraction as real price / AMM price vs accepted price is different, leading to arbitrage opportunities at the detriment of the protocol
Manual Review
Apply a check for updatedAt being recent enough
updatedAt
Duplicate of #133
GalloDaSballo
medium
M-02 wstETH Feed Doesn't check for Freshness
Summary
The Price feed for wstETH is accepting the price at face value instead of checking for the recency of the oracle
https://github.com/notional-finance/leveraged-vaults/blob/91b96a456a6ada5a7f73ecf420e4ac5bf6797b45/contracts/trading/oracles/wstETHChainlinkOracle.sol#L43-L44
Vulnerability Detail
Feed may have not been updated due to network conditions.
The system may accept a price that is not consistent with reality, which would allow for MEV.
Impact
MEV extraction as real price / AMM price vs accepted price is different, leading to arbitrage opportunities at the detriment of the protocol
Tool used
Manual Review
Recommendation
Apply a check for
updatedAtbeing recent enoughDuplicate of #133