Closed sherlock-admin closed 5 months ago
1 comment(s) were left on this issue during the judging contest.
takarez commented:
valid: the condition should be > instead of <; medium(3)
Invalid; unsure what the Watson is pointing to, given the check is correct. When the sum of the timestamp and maxAge of the price data is less than the current timestamp, it means the price is stale. This is synonymous with timestamp < block.timestamp - maxAge
Afriauditor
high
OracleModule::_getPrice returns only Stale price
Summary
OracleModule::_getPrice reverts when the timestamp is within the required age, creating a DoS bug for all other modules that depend on it to fetch the price.
Vulnerability Detail
The _getPrice function fetches the latest asset price by comparing the on-chain Chainlink and off-chain Pyth oracle prices and selects the freshest valid price; however, the last check it does is to verify that the selected price's timestamp is within the acceptable age range specified by the maxAge parameter. Contrary to the intended logic, the code implementation actually reverts if the sum of the timestamp and maxAge is less than the current block timestamp, causing the code to revert when the price is within age and to execute when the timestamp is old.
Impact
This issue poses a risk of disrupting the protocol's functionality, resulting in a denial-of-service scenario. OracleModule::_getPrice is a crucial function relied upon by all other modules for oracle price retrieval. The function will consistently revert when the timestamp falls within the expected limit and execute when the timestamp is above the limit (indicating staleness), making the protocol use only stale prices.
Code Snippet
https://github.com/sherlock-audit/2023-12-flatmoney/blob/main/flatcoin-v1/src/OracleModule.sol#L131
Tool used
Manual Review
PoC
Recommendation
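The dispute above comes down to whether `timestamp + maxAge < block.timestamp` rejects stale prices or fresh ones. The following Python model, added here as an illustration and not code from the FlatMoney contracts or from either participant, evaluates that condition over constructed price updates (a fresh one, one exactly at the age limit, and a stale one) and confirms that it agrees with the judge's equivalent form `timestamp < block.timestamp - maxAge`. `MAX_AGE`, `NOW`, the sample price and all function names are assumptions made for the example, not values from the contract.

```python
# Model of the oracle freshness check discussed in this issue.
# Constructed example; not the OracleModule contract's own code.

MAX_AGE = 60            # seconds; assumed, not the contract's configured maxAge
NOW = 1_700_000_000     # stand-in for block.timestamp (constructed)
SAMPLE_PRICE = 2000_00000000  # constructed 8-decimal price value


def is_stale_additive(price_timestamp: int, max_age: int, now: int) -> bool:
    """The form in the contract: the price is stale when
    timestamp + maxAge < block.timestamp."""
    return price_timestamp + max_age < now


def is_stale_subtractive(price_timestamp: int, max_age: int, now: int) -> bool:
    """The judge's equivalent form: timestamp < block.timestamp - maxAge.
    Solidity 0.8 checked arithmetic would revert if maxAge > block.timestamp,
    so the model raises in that case instead of wrapping."""
    if max_age > now:
        raise ArithmeticError("block.timestamp - maxAge would underflow and revert")
    return price_timestamp < now - max_age


def get_price(price: int, price_timestamp: int, max_age: int, now: int) -> int:
    """Mirror the last check of _getPrice: revert (raise) on a stale price,
    otherwise return the price unchanged."""
    if is_stale_additive(price_timestamp, max_age, now):
        raise ValueError("price is stale")
    return price


def check_equivalence(max_age: int, now: int, offsets) -> bool:
    """True if both forms classify every timestamp now - offset identically."""
    return all(
        is_stale_additive(now - o, max_age, now)
        == is_stale_subtractive(now - o, max_age, now)
        for o in offsets
    )


# Constructed price updates, keyed by how old they are relative to NOW.
SAMPLES = {
    "fresh": NOW - 30,          # 30 s old, inside maxAge
    "boundary": NOW - MAX_AGE,  # exactly maxAge old: timestamp + maxAge == now
    "stale": NOW - 90,          # 90 s old, older than maxAge
}


def run_demo() -> dict:
    """Run each sample through get_price and record whether it returned or reverted."""
    results = {}
    for name, ts in SAMPLES.items():
        try:
            results[name] = ("ok", get_price(SAMPLE_PRICE, ts, MAX_AGE, NOW))
        except ValueError:
            results[name] = ("revert", None)
    return results


if __name__ == "__main__":
    for name, outcome in run_demo().items():
        print(f"{name:9s} -> {outcome}")
    print("forms agree:", check_equivalence(MAX_AGE, NOW, range(0, 3 * MAX_AGE)))
```

The fresh and boundary updates return the price and only the 90-second-old update reverts, which is the behaviour the judge describes. The additive form is also the safer of the two in checked arithmetic: `block.timestamp - maxAge` reverts whenever `maxAge` exceeds the current timestamp, while `timestamp + maxAge` cannot underflow.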