The getUnderlyingPrice function in the Oracle contract does not check for stale prices. This means that the function could return a price that is outdated and no longer accurate.
Vulnerability Detail
This vulnerability could allow a malicious user to purchase the underlying asset at a lower price than they should.
Impact
getUnderlyingPrice function does not check for stale prices. This could allow a malicious user to purchase the underlying asset at a lower price than they should.
darkart
medium
Stale Price in Underlying Asset Price Calculation
Summary
The getUnderlyingPrice function in the Oracle contract does not check for stale prices. This means that the function could return a price that is outdated and no longer accurate.
Vulnerability Detail
This vulnerability could allow a malicious user to purchase the underlying asset at a lower price than they should.
Impact
getUnderlyingPrice function does not check for stale prices. This could allow a malicious user to purchase the underlying asset at a lower price than they should.
Code Snippet
https://github.com/hubble-exchange/hubble-protocol/blob/d89714101dd3494b132a3e3f9fed9aca4e19aef6/contracts/Oracle.sol#L24-L35
Tool used
Manual Review
Recommendation
The getUnderlyingPrice function should be updated to check for stale prices. This can be done by adding:
Duplicate of #18