Closed sherlock-admin closed 7 months ago
1 comment(s) were left on this issue during the judging contest.
auditsea commented:
The price of collaterals are updated before mint/redeem, so it's guaranteed not being stale
1 comment(s) were left on this issue during the judging contest.
auditsea commented:
The price of collaterals are updated before mint/redeem, so it's guaranteed not being stale
evmboi32
medium
Calling
collateralUsdBalance()
can return the wrong value.Summary
Calling
collateralUsdBalance()
can return the wrong value.Vulnerability Detail
Calling the
collateralUsdBalance()
won't update the collateral price by reading the latest data from chainlink oracle. This could lead to the discrepancy and return incorrectstale data
.Impact
External contracts relying on the usd balance of collateral available in the
UbiquidityPool
can receive wrong info as the prices could be stale.Code Snippet
https://github.com/sherlock-audit/2023-12-ubiquity/blob/main/ubiquity-dollar/packages/contracts/src/dollar/libraries/LibUbiquityPool.sol#L247-L261
Tool used
Manual Review
Recommendation
Update the price before calculating the value of the collateral.
Duplicate of #195