Closed sherlock-admin closed 1 year ago
2 comment(s) were left on this issue during the judging contest.
141345 commented:
m
panprog commented:
invalid because publish price time is in the future from commit time, and commit time is in the future from current time, meaning that if the user submits or frontruns commit, his position at that time will have timestamp into the future and can not use the oracle which will settle immediately after that
Agree with Panprog
n33k
high
Market: User can frontrun oracle version update to settle position at a determined price
Summary
User can monitor price in oracle version update transaction. The price will be used in the next settlement. User can frontrun this transaction to settle his position at a determined price. So that entering or exiting positions can be timed to profit.
This volilates the settlement design described in the doc,
Vulnerability Detail
The doc described the settlement machenisms.
The user is able to commit the next oracle version update because committing is not restricted in PythOracle.sol. Or he can monitor the pool for the next oracle version update.
So the user knows the next settlement price.
The user can time his entering and exiting to profit by doing,
Impact
The settlement machenisms protecting arbitrage is broken. Attacker can arbitrage the market and profit.
Code Snippet
https://github.com/sherlock-audit/2023-07-perennial/blob/main/perennial-v2/packages/perennial/contracts/Market.sol#L85
Tool used
Manual Review
Recommendation
Settle the pending positions behind one more oracle version.