Stale prices can be used as lpPrice in _validateMaxPosSize()
Summary
Stale prices can be used as lpPrice in _validateMaxPosSize()
Vulnerability Detail
The _validateMaxPosSize() function calls bank.oracle().getPrice(address(lpToken)) and stores the gotten price to lpTokens.
The issue here is that the coreOracle.sol's getPrice() function calls _getPrice() function which doesn't take into account the time/blocktimestamp of when prices where last updated.
Hence prices gotten by this call bank.oracle().getPrice(address(lpToken)) can be far behind current price.
Impact
lpPrice will be an outdated price and curPosSize will be wrongly calculated here
PRAISE
medium
Stale prices can be used as lpPrice in _validateMaxPosSize()
Summary
Stale prices can be used as lpPrice in _validateMaxPosSize()
Vulnerability Detail
The _validateMaxPosSize() function calls
bank.oracle().getPrice(address(lpToken))and stores the gotten price tolpTokens. The issue here is that the coreOracle.sol'sgetPrice() functioncalls _getPrice() function which doesn't take into account the time/blocktimestamp of when prices where last updated. Hence prices gotten by this callbank.oracle().getPrice(address(lpToken))can be far behind current price.Impact
lpPricewill be an outdated price andcurPosSizewill be wrongly calculated hereCode Snippet
https://github.com/sherlock-audit/2023-04-blueberry/blob/main/blueberry-core/contracts/spell/BasicSpell.sol#L202-L204
Tool used
Manual Review
Recommendation
Make _getPrice() in coreOracle.sol take time/blocktimestamp of the last update of
pxhere into account --