Stale price leads to user getting incorrect token amount
Summary
Users get more/less tokens than they should in current market conditions when price becomes stale.
Vulnerability Detail
The swap function in Unitas.sol:208 uses the current price to calculate the swap amountOut at Unitas.sol:438. There is a risk of off-chain price feeders being off and not updating their prices. There is no threshold check for this situation. Price could be outdated, and users could get more/less than they should.
Impact
Users get more/less tokens than they should in current market conditions.
Threshold check can be added to make the XOracle.sol:49 and XOracle.sol:58 functions revert if the price timestamp is too old. This would protect both users from getting less tokens and the protocol from minting/sending more tokens than it should.
0xJuda
medium
Stale price leads to user getting incorrect token amount
Summary
Users get more/less tokens than they should in current market conditions when price becomes stale.
Vulnerability Detail
The swap function in Unitas.sol:208 uses the current price to calculate the swap amountOut at Unitas.sol:438. There is a risk of off-chain price feeders being off and not updating their prices. There is no threshold check for this situation. Price could be outdated, and users could get more/less than they should.
Impact
Users get more/less tokens than they should in current market conditions.
Code Snippet
Unitas.sol:438 XOracle.sol:49-60
Tool used
Manual Review
Recommendation
Threshold check can be added to make the XOracle.sol:49 and XOracle.sol:58 functions revert if the price timestamp is too old. This would protect both users from getting less tokens and the protocol from minting/sending more tokens than it should.
Duplicate of #150