XOracle.getLatestPrice() can return stale price within _getSwapResult() function
Summary
getLatestPrice() may not really return latest price
Vulnerability Detail
there's no check between the prev update timestamp and the current timestamp. The price returned can be a stale price when comparing real world price with what is returned by XOracle.getLatestPrice()
Impact
XOracle.getLatestPrice() can return stale price within _getSwapResult() function
get the prev update timestamp and compare with the current timestamp, ensure a revert on stale prices by comparing the two timestamps within a require statement
PRAISE
medium
XOracle.getLatestPrice() can return stale price within _getSwapResult() function
Summary
getLatestPrice() may not really return latest price
Vulnerability Detail
there's no check between the prev update timestamp and the current timestamp. The price returned can be a stale price when comparing real world price with what is returned by XOracle.getLatestPrice()
Impact
XOracle.getLatestPrice() can return stale price within _getSwapResult() function
Code Snippet
https://github.com/sherlock-audit/2023-04-unitasprotocol/blob/main/Unitas-Protocol/src/XOracle.sol#L58
Tool used
Manual Review
Recommendation
get the prev update timestamp and compare with the current timestamp, ensure a revert on stale prices by comparing the two timestamps within a require statement
Duplicate of #150