The function `getDollarPriceUsd` may return expired dollar price.

Summary

The function getDollarPriceUsd may return expired dollar price.

Vulnerability Detail

The function getDollarPriceUsd gets the dollar price using LibTWAPOracle.getTwapPrice(). However, it may be an expired price, which misleads users.

Impact

Expired price will be returned.

Code Snippet

https://github.com/sherlock-audit/2023-12-ubiquity/blob/main/ubiquity-dollar/packages/contracts/src/dollar/libraries/LibUbiquityPool.sol#L300-L311

Tool used

Manual Review

Recommendation

Add LibTWAPOracle.update(); before getting price.

sherlock-admin2 commented 8 months ago

1 comment(s) were left on this issue during the judging contest.

auditsea commented:

REF #034

sherlock-admin2 commented 8 months ago

1 comment(s) were left on this issue during the judging contest.

auditsea commented:

REF #034

nevillehuang commented 8 months ago

Invalid, prices are always updated before getDollarPriceUsd() is invoked, as seen here and here

sherlock-audit / 2023-12-ubiquity-judging

qmdddd - The function `getDollarPriceUsd` may return expired dollar price. #100

The function `getDollarPriceUsd` may return expired dollar price.

Summary

Vulnerability Detail

Impact

Code Snippet

Tool used

Recommendation

sherlock-audit / 2023-12-ubiquity-judging

qmdddd - The function `getDollarPriceUsd` may return expired dollar price. #100

The function getDollarPriceUsd may return expired dollar price.

Summary

Vulnerability Detail

Impact

Code Snippet

Tool used

Recommendation

The function `getDollarPriceUsd` may return expired dollar price.