Oxhunter526 - Inaccurate Observations Due to Incorrect `time` and `tick` Parameters in Oracle Library

[sherlock-admin]

Oxhunter526

medium

Inaccurate Observations Due to Incorrect time and tick Parameters in Oracle Library

Summary

The Oracle library includes the observe and observeSingle functions that provide historical price data observations. However, these functions assume specific parameters, including the time parameter being the current block timestamp and the tick parameter being the current tick of the pool. Deviating from these assumptions may lead to inaccurate accumulator values for historical observations.

Vulnerability Detail

The issue arises from assumptions made by the Oracle library's observe and observeSingle functions regarding the time and tick parameters. Let's delve into the details:

1. time Parameter Assumption:
   • The Oracle library assumes that the time parameter passed to these functions corresponds to the current block timestamp.
   • The Oracle.lte function, used internally, requires a and b to be chronologically before the time parameter.
   • If an arbitrary time parameter is used that does not match the current block timestamp, it can lead to incorrect results for the accumulator.
2. tick Parameter Assumption:
   • The Oracle library assumes that the tick parameter is the current tick of the pool.
   • If the last observation needed to be transformed (e.g., due to a change in the block timestamp), using an arbitrary tick value could result in an incorrect accumulator value.

     Impact

     The impact of this issue is that using incorrect or arbitrary values for the time and tick parameters when calling the observe and observeSingle functions can result in observations that do not accurately reflect the actual historical price data. This can potentially lead to incorrect decisions or calculations based on the inaccurate data.

     Code Snippet

     (https://github.com/sherlock-audit/2023-07-kyber-swap/blob/main/ks-elastic-sc/contracts/libraries/Oracle.sol#L241-L276) (https://github.com/sherlock-audit/2023-07-kyber-swap/blob/main/ks-elastic-sc/contracts/libraries/Oracle.sol#L287-L309) (https://github.com/sherlock-audit/2023-07-kyber-swap/blob/main/ks-elastic-sc/contracts/libraries/Oracle.sol#L123-L137)

     Tool used

Manual Review

Recommendation

• For the time parameter, use the timestamp that aligns with the specific point in time you are interested in when retrieving historical price data. This timestamp should be within the valid range of observations stored in the Oracle library.

• For the tick parameter, use the tick value that corresponds to the specific time for which you are requesting observations. If the last observation required transformation (i.e., the block timestamp changed), ensure that you use the updated tick value to calculate the accumulator accurately.

[sherlock-admin]

1 comment(s) were left on this issue during the judging contest.

Trumpero commented:

invalid, spam issue, vague description. Not specify anything. time param is not the current block.timestamp