1 comment(s) were left on this issue during the judging contest.
takarez commented:
valid: medium(10)
Escalate This issue is not dup of #170 due to insufficient proof.
You've created a valid escalation!
To remove the escalation from consideration: Delete your comment.
You may delete or edit your escalation comment anytime before the 48-hour escalation window closes. After that, the escalation becomes final.
Planning to reject and keep issue state as is. I believe it's clear that the report is describing the same core issue as described in #170
Agree with @Evert0x
Result: Medium Duplicate of #170
Dliteofficial
medium
_maxAge() might cause transactions to revert due to staleness check in OracleModule
Summary
A low maxAge value might cause transactions in StableModule and LeverageModule to revert for the failure to meet the staleness check in OracleModule::_getPrice()
Vulnerability Detail
During the execution of an announced deposit order in StableModule::executeDeposit(), the function checks the time passed since executionAtTime. The result of this call, maxAge, is used in the staleness check in OracleModule::_getPrice(). The issue here is that when maxAge is less than onchainOracle.maxAge and offchainOracle.maxAge, the staleness check in _getOnchainPrice() and _getOffchainPrice() will pass but the one in OracleModule::_getPrice() (see code snippet) will fail. The same applies to the others in StableModule and LeverageModule.
Impact
executeOrder transactions will fail on execution due to the failure of maxAge to meet the staleness check
Code Snippet
StableModule::executeDeposit()
OracleModule::_getPrice()
Tool used
Manual Review
Recommendation
Consider removing _getMaxAge() StableModule::executeDeposit()
Duplicate of #170
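The two-level staleness check described in the report above, modelled in Python as an added illustration; it is not the project's contract code and not part of the original issue. The function names, timestamps and the 60-second oracle limit are constructed assumptions.

```python
class PriceStale(Exception):
    """Stands in for a revert in the modelled contracts."""


def oracle_price(now, published_at, oracle_max_age):
    # Per-oracle check (the role the report gives _getOnchainPrice/_getOffchainPrice).
    if now - published_at > oracle_max_age:
        raise PriceStale("older than oracle maxAge")
    return published_at


def get_price(now, published_at, oracle_max_age, max_age):
    # Second check against the caller-supplied maxAge (the role of _getPrice).
    ts = oracle_price(now, published_at, oracle_max_age)
    if now - ts > max_age:
        raise PriceStale("older than caller maxAge")
    return ts


def execute_deposit(now, executable_at, published_at, oracle_max_age):
    # maxAge is the time elapsed since the order became executable.
    max_age = now - executable_at
    try:
        get_price(now, published_at, oracle_max_age, max_age)
        return "executed"
    except PriceStale as err:
        return f"revert: {err}"


def accepted_window(now, executable_at, oracle_max_age):
    # Publish times that satisfy both checks when executing at `now`.
    return max(executable_at, now - oracle_max_age), now


# Constructed scenario: oracle maxAge 60 s, order executable at t=1000,
# execution at t=1010, so the derived maxAge is only 10 s.
SCENARIOS = {
    "published before executable time": 995,
    "published after executable time": 1005,
    "older than the oracle limit": 900,
}

if __name__ == "__main__":
    for label, ts in SCENARIOS.items():
        print(label, "->", execute_deposit(1010, 1000, ts, 60))
    print("accepted publish times:", accepted_window(1010, 1000, 60))
```
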