0xGoodess
medium
There is no liveness check on the getLatestPrice from oracle when used on Unitas
Summary
There is no liveness check on the getLatestPrice from oracle when used on Unitas
Vulnerability Detail
XOracle provides the asset price feed that Unitas uses during swaps. The amount in/out is calculated from the latestPrice returned by XOracle. However, there is no liveness check on the value returned by latestPrice. If the price feed is outdated, or the chain has just come back online after a long time offline, the swap is executed with the outdated price.
Impact
An outdated price feed would still be used in Unitas during a swap.
Code Snippet
https://github.com/sherlock-audit/2023-04-unitasprotocol/blob/main/Unitas-Protocol/src/Unitas.sol#L417-L440
Tool used
Manual Review
Recommendation
Add a liveness check to make sure the price is within a certain threshold.
Duplicate of #150
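One way to implement the recommended liveness check, as an added example that is not part of the original report or the Unitas/XOracle code. The report only names getLatestPrice, so the `ITimestampedOracle` interface, its `getLatestPriceWithTimestamp` getter, the `FreshPriceReader` contract and the `maxPriceAge` parameter are all hypothetical names assumed for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Hypothetical oracle interface: the report does not show a getter that
// returns the update time, so this signature is an assumption.
interface ITimestampedOracle {
    function getLatestPriceWithTimestamp(address asset)
        external
        view
        returns (uint256 price, uint256 updatedAt);
}

contract FreshPriceReader {
    error ZeroPrice(address asset);
    error FutureTimestamp(address asset, uint256 updatedAt);
    error StalePrice(address asset, uint256 updatedAt, uint256 maxAge);

    ITimestampedOracle public immutable oracle;
    // Maximum accepted age of a price, in seconds (chosen at deployment).
    uint256 public immutable maxPriceAge;

    constructor(ITimestampedOracle oracle_, uint256 maxPriceAge_) {
        require(maxPriceAge_ > 0, "maxPriceAge is zero");
        oracle = oracle_;
        maxPriceAge = maxPriceAge_;
    }

    // Returns the price only if it is non-zero and recent enough. It reverts
    // otherwise, so a swap that calls it cannot settle against an outdated
    // quote, including the first blocks after the chain resumes from downtime.
    function getFreshPrice(address asset) public view returns (uint256 price) {
        uint256 updatedAt;
        (price, updatedAt) = oracle.getLatestPriceWithTimestamp(asset);

        if (price == 0) revert ZeroPrice(asset);
        // Reject timestamps ahead of block time explicitly; otherwise the
        // subtraction below would revert with an opaque arithmetic panic.
        if (updatedAt > block.timestamp) revert FutureTimestamp(asset, updatedAt);
        if (block.timestamp - updatedAt > maxPriceAge) {
            revert StalePrice(asset, updatedAt, maxPriceAge);
        }
    }
}
```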