Closed github-actions[bot] closed 1 year ago
Jaraxxus
medium
MAX_PRICE_DEVIATION is incorrect.
MAX_PRICE_DEVIATION is set as 1.2e18. NATSPEC mentions that the max price deviation is 20%. 1.2e18 is 0.2%, not 20%. 2e19 is 20%.
uint256 public constant MAX_PRICE_DEVIATION = 1.2e18; // max price deviation, 20%
MAX_PRICE_DEVIATION is incorrect. Oracle has wrong parameters.
https://github.com/sherlock-audit/2023-02-blueberry/blob/main/contracts/oracle/AggregatorOracle.sol#L25
Manual Review
Set proper MAX_PRICE_DEVIATION.
Jaraxxus
medium
MAX_PRICE_DEVIATION is incorrect
Summary
MAX_PRICE_DEVIATION is incorrect.
Vulnerability Detail
MAX_PRICE_DEVIATION is set as 1.2e18. NATSPEC mentions that the max price deviation is 20%. 1.2e18 is 0.2%, not 20%. 2e19 is 20%.
Impact
MAX_PRICE_DEVIATION is incorrect. Oracle has wrong parameters.
Code Snippet
https://github.com/sherlock-audit/2023-02-blueberry/blob/main/contracts/oracle/AggregatorOracle.sol#L25
Tool used
Manual Review
Recommendation
Set proper MAX_PRICE_DEVIATION.