Closed sherlock-admin closed 1 year ago
J4de
medium
UniswapV3AdapterOracle.sol#setStablePools
UniswapV3AdapterOracle.sol#setStablePools function token check is incomplete
File: oracle/UniswapV3AdapterOracle.sol 40 function setStablePools( 41 address[] calldata tokens, 42 address[] calldata pools 43 ) external onlyOwner { 44 if (tokens.length != pools.length) revert Errors.INPUT_ARRAY_MISMATCH(); 45 for (uint256 idx = 0; idx < tokens.length; idx++) { 46 if (tokens[idx] == address(0) || pools[idx] == address(0)) 47 revert Errors.ZERO_ADDRESS(); 48 if ( 49 >> tokens[idx] != IUniswapV3Pool(pools[idx]).token0() && 50 tokens[idx] != IUniswapV3Pool(pools[idx]).token1() 51 ) revert Errors.NO_STABLEPOOL(pools[idx]); 52 stablePools[tokens[idx]] = pools[idx]; 53 emit SetPoolStable(tokens[idx], pools[idx]); 54 } 55 }
setStablePools function will check whether the pool and token are consistent. Line 49 should use || instead of &&, because as long as one is wrong, it is illegal.
setStablePools
||
&&
May lead to use of the wrong pools.
https://github.com/sherlock-audit/2023-04-blueberry/blob/main/blueberry-core/contracts/oracle/UniswapV3AdapterOracle.sol#L48-L49
Manual Review
function setStablePools( address[] calldata tokens, address[] calldata pools ) external onlyOwner { if (tokens.length != pools.length) revert Errors.INPUT_ARRAY_MISMATCH(); for (uint256 idx = 0; idx < tokens.length; idx++) { if (tokens[idx] == address(0) || pools[idx] == address(0)) revert Errors.ZERO_ADDRESS(); if ( - tokens[idx] != IUniswapV3Pool(pools[idx]).token0() && + tokens[idx] != IUniswapV3Pool(pools[idx]).token0() || tokens[idx] != IUniswapV3Pool(pools[idx]).token1() ) revert Errors.NO_STABLEPOOL(pools[idx]); stablePools[tokens[idx]] = pools[idx]; emit SetPoolStable(tokens[idx], pools[idx]); } }
J4de
medium
UniswapV3AdapterOracle.sol#setStablePools
function token check is incompleteSummary
UniswapV3AdapterOracle.sol#setStablePools
function token check is incompleteVulnerability Detail
setStablePools
function will check whether the pool and token are consistent. Line 49 should use||
instead of&&
, because as long as one is wrong, it is illegal.Impact
May lead to use of the wrong pools.
Code Snippet
https://github.com/sherlock-audit/2023-04-blueberry/blob/main/blueberry-core/contracts/oracle/UniswapV3AdapterOracle.sol#L48-L49
Tool used
Manual Review
Recommendation