the _latestStale() check is vulnerable to timestamp manipulation by miners
Summary
The _latestStale() check compares timestamps to determine if the latest oracle is stale. However, timestamps can be manipulated by miners to some extent. An attacker who is a miner could manipulate timestamps to trick the contract into thinking the latest oracle is stale when it is not
Vulnerability Detail
This Link compares the timestamp from the latest oracle version to the timestamp when that version was committed. If the version timestamp is greater, it returns false.
A miner could manipulate this by:
Calling latest() to get the latest oracle version
Checking if _latestStale() would return true for that version
If so, mining a block with a timestamp that makes _latestStale() return false
Calling request() before the next miner mines a block, to update the oracle based on the manipulated timestamp
This would trick _latestStale() into thinking the latest oracle is not stale, when it actually is.
Impact
An attacker can prevent the oracle from updating to the current provider when it should. They could manipulate the outdated oracle values.
feelereth
high
the _latestStale() check is vulnerable to timestamp manipulation by miners
Summary
The _latestStale() check compares timestamps to determine if the latest oracle is stale. However, timestamps can be manipulated by miners to some extent. An attacker who is a miner could manipulate timestamps to trick the contract into thinking the latest oracle is stale when it is not
Vulnerability Detail
This Link compares the timestamp from the latest oracle version to the timestamp when that version was committed. If the version timestamp is greater, it returns false. A miner could manipulate this by:
Impact
An attacker can prevent the oracle from updating to the current provider when it should. They could manipulate the outdated oracle values.
Code Snippet
https://github.com/sherlock-audit/2023-07-perennial/blob/main/perennial-v2/packages/perennial-oracle/contracts/Oracle.sol#L112-L117
Tool used
Manual Review
Recommendation
timestamps should not be fully trusted. Instead of comparing exact timestamps, have a buffer window of allowed timestamp drift