Stale price data can result in inaccurate token calculations
Summary
Stale prices can lead to users being overcompensated or undercompensated with tokens, deviating from the expected amount based on the current market situation.
Vulnerability Detail
The vulnerability arises from the system's dependency on an off-chain oracle to fetch the most recent prices. When the oracle encounters issues, such as technical failures, network disruptions, or data source unavailability, it fails to provide updated price information. As a result, the system resorts to using the last saved price, which might be stale and no longer reflective of the current market conditions.
The vulnerability of using stale prices in the event of an off-chain oracle failure has significant impacts on the system and its users. It can lead to inaccurate valuations of assets, causing misleading investment decisions and financial outcomes.
One mitigation step to address the issue of stale prices is to introduce a threshold for the timestamp when updating prices. This can be achieved by implementing a validation mechanism that checks if the timestamp of the new price falls within an acceptable range of the current timestamp. If the new timestamp is too far in the past or too far in the future, the update should be rejected.
By setting a reasonable threshold, such as a maximum allowable time difference between the current timestamp and the new timestamp, the system can prevent the use of outdated prices and minimize the impact of off-chain oracle failures. This ensures that only recent and relevant price updates are accepted, reducing the risk of inaccurate token amounts and providing users with more reliable information for their transactions.
mau
medium
Stale price data can result in inaccurate token calculations
Summary
Stale prices can lead to users being overcompensated or undercompensated with tokens, deviating from the expected amount based on the current market situation.
Vulnerability Detail
The vulnerability arises from the system's dependency on an off-chain oracle to fetch the most recent prices. When the oracle encounters issues, such as technical failures, network disruptions, or data source unavailability, it fails to provide updated price information. As a result, the system resorts to using the last saved price, which might be stale and no longer reflective of the current market conditions.
Impact
The vulnerability of using stale prices in the event of an off-chain oracle failure has significant impacts on the system and its users. It can lead to inaccurate valuations of assets, causing misleading investment decisions and financial outcomes.
Code Snippet
https://github.com/sherlock-audit/2023-04-unitasprotocol/blob/d5328421bea80e3b0fd4595e4eb6b732a40e421e/Unitas-Protocol/src/XOracle.sol#L26
Tool used
Manual Review
Recommendation
One mitigation step to address the issue of stale prices is to introduce a threshold for the timestamp when updating prices. This can be achieved by implementing a validation mechanism that checks if the timestamp of the new price falls within an acceptable range of the current timestamp. If the new timestamp is too far in the past or too far in the future, the update should be rejected.
By setting a reasonable threshold, such as a maximum allowable time difference between the current timestamp and the new timestamp, the system can prevent the use of outdated prices and minimize the impact of off-chain oracle failures. This ensures that only recent and relevant price updates are accepted, reducing the risk of inaccurate token amounts and providing users with more reliable information for their transactions.
Duplicate of #150