sherlock-audit / 2024-02-perennial-v2-3-judging


bareli - No check on "ethTokenOracleFeed().latestRoundData()" #31

Closed sherlock-admin4 closed 5 months ago

sherlock-admin4 commented 5 months ago

bareli

medium

No check on "ethTokenOracleFeed().latestRoundData()"

Summary

Wrong calculation of _etherPrice() due to no check on the output of "ethTokenOracleFeed().latestRoundData();".

Vulnerability Detail

```solidity
function _etherPrice() private view returns (UFixed18) {
    (, int256 answer, , ,) = ethTokenOracleFeed().latestRoundData();
    return UFixed18Lib.from(Fixed18Lib.ratio(answer, 1e8)); // chainlink eth-usd feed uses 8 decimals
}
```

Impact

Wrong calculation of _etherPrice.

Code Snippet

https://github.com/sherlock-audit/2024-02-perennial-v2-3/blob/main/root/contracts/attribute/Kept/Kept.sol#L120

Tool used

Manual Review

Recommendation

Check that the price is greater than 0.
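For reference, here is what the recommended validation looks like when applied to a Chainlink-style feed. This is an added illustration and not code from the Perennial repository: the `IAggregatorV3` interface is a trimmed copy of Chainlink's `AggregatorV3Interface`, and the contract name, `maxStaleness` parameter and custom errors are assumptions. It goes slightly beyond the report's `> 0` check by also rejecting a round whose `updatedAt` is older than a configured limit, which is the usual companion check, and it returns a plain 18-decimal `uint256` rather than the project's `UFixed18` type.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Trimmed copy of Chainlink's AggregatorV3Interface (assumed here; the real
// one is in @chainlink/contracts).
interface IAggregatorV3 {
    function decimals() external view returns (uint8);
    function latestRoundData()
        external
        view
        returns (
            uint80 roundId,
            int256 answer,
            uint256 startedAt,
            uint256 updatedAt,
            uint80 answeredInRound
        );
}

// Hypothetical consumer that refuses to use a zero, negative or stale answer
// instead of silently converting it into a price.
contract ValidatedEthPrice {
    IAggregatorV3 public immutable feed;
    uint256 public immutable maxStaleness; // seconds since the round was updated

    error InvalidPrice(int256 answer);
    error StalePrice(uint256 updatedAt, uint256 maxStaleness);

    constructor(IAggregatorV3 _feed, uint256 _maxStaleness) {
        feed = _feed;
        maxStaleness = _maxStaleness;
    }

    /// @notice ETH/USD price scaled to 18 decimals; reverts rather than
    ///         returning a value derived from an invalid round.
    function etherPrice() external view returns (uint256) {
        (, int256 answer, , uint256 updatedAt, ) = feed.latestRoundData();

        // The check the report recommends: a non-positive answer means the
        // feed has no usable price (uninitialised, paused or broken).
        if (answer <= 0) revert InvalidPrice(answer);

        // Companion check: an answer that has not been refreshed within the
        // configured window should not be trusted either.
        if (updatedAt == 0 || block.timestamp - updatedAt > maxStaleness) {
            revert StalePrice(updatedAt, maxStaleness);
        }

        // Chainlink's ETH/USD feed reports 8 decimals; rescale to 18 using
        // the feed's own decimals() rather than a hard-coded 1e8.
        return uint256(answer) * 1e18 / (10 ** uint256(feed.decimals()));
    }
}
```

The trade-off the judges point at below is real: once the oracle is treated as trusted, these reverts mainly protect against an operational failure of the feed rather than a malicious one, and in a keeper-fee path a revert may itself block settlement, so whether to revert or fall back to a cached price is a design decision for the integrator.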

sherlock-admin2 commented 5 months ago

1 comment(s) were left on this issue during the judging contest.

panprog commented:

invalid by sherlock rules

nevillehuang commented 4 months ago

Invalid, as seen in the following, so if price returns 0, it is still taken as trusted

Pyth (or other oracle providers) - TRUSTED