Closed sherlock-admin closed 1 year ago
2 comment(s) were left on this issue during the judging contest.
141345 commented:
d
panprog commented:
Invalid because at() only iterates until the correct timestamp is found, and also because the owner is trusted not to add many oracles.
feelereth
high
The at() function can be exploited to cause an out-of-gas error
Summary
The at() view function iterates backwards through historical oracles to find the right one for the timestamp. This could be exploited to cause the function to run out of gas if there are a large number of historical oracles.
Vulnerability Detail
The issue is that it iterates from global.current downwards without any limit on the number of iterations. An attacker could exploit this by:
Impact
This will cause the function to run out of gas.
Code Snippet
https://github.com/sherlock-audit/2023-07-perennial/blob/main/perennial-v2/packages/perennial-oracle/contracts/Oracle.sol#L64-L72
Tool used
Manual Review
Recommendation
Oracles should be stored in a more efficient data structure, like a binary search tree, rather than a simple mapping.
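As an added illustration (a hypothetical contract written for this page, not Perennial's Oracle.sol; the struct, field names and owner check are assumptions): a reverse scan that stops at the first entry not newer than the requested timestamp, beside a binary search over the same counter-indexed mapping, which is what the recommendation amounts to.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

/// Hypothetical model of a "mapping indexed by an incrementing counter,
/// scanned backwards" oracle history. Not the audited project's code.
contract OracleHistory {
    struct Entry { address provider; uint256 timestamp; }

    address public immutable owner;
    uint256 public current;                   // index of the latest entry
    mapping(uint256 => Entry) public oracles; // 1-based, filled in timestamp order

    constructor() { owner = msg.sender; }

    /// Only the trusted owner can append, which bounds how long the history grows.
    function update(address provider) external {
        require(msg.sender == owner, "not owner");
        require(block.timestamp >= oracles[current].timestamp, "out of order");
        current += 1;
        oracles[current] = Entry(provider, block.timestamp);
    }

    /// Reverse linear scan: returns at the first entry not newer than `timestamp`,
    /// so gas grows with the number of entries added after `timestamp`, not with
    /// the whole history. That early return is the point the judges relied on.
    function at(uint256 timestamp) public view returns (Entry memory) {
        for (uint256 i = current; i > 0; i--) {
            if (oracles[i].timestamp <= timestamp) return oracles[i];
        }
        revert("no oracle at timestamp");
    }

    /// Binary search for the largest index whose timestamp <= `timestamp`:
    /// O(log n) lookups regardless of how old the requested timestamp is.
    function atBinary(uint256 timestamp) public view returns (Entry memory) {
        uint256 lo = 1;
        uint256 hi = current;
        require(hi > 0 && oracles[1].timestamp <= timestamp, "no oracle at timestamp");
        while (lo < hi) {
            uint256 mid = (lo + hi + 1) / 2;      // upper median so `lo` always advances
            if (oracles[mid].timestamp <= timestamp) lo = mid;
            else hi = mid - 1;
        }
        return oracles[lo];
    }
}
```

Both functions return the same entry; the difference is only in how many storage reads a very old timestamp costs.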