Lack of Stale Price Checking in _getPrice Function
Summary
The _getPrice function in the provided contract does not include checks for stale prices obtained from the oracle adapter. This omission could lead to potential inaccuracies in trading decisions and may expose the contract to manipulation or arbitrage opportunities based on outdated price data.
Vulnerability Detail
The _getPrice function retrieves the current price from the oracle adapter based on the market's price feed ID without considering the freshness of the price data. Here's the code snippet of the function:
The function simply fetches the price without verifying its timeliness or checking for updates. This lack of validation leaves the contract vulnerable to stale prices, which may result from delays in oracle updates or manipulation of price feeds.
Impact
One potential impact of this vulnerability is that traders relying on outdated or stale price data may make incorrect trading decisions, leading to financial losses. Moreover, arbitrageurs could exploit price discrepancies caused by stale data, resulting in inefficient markets and reduced liquidity.
bigbick123456789000
medium
Lack of Stale Price Checking in
_getPrice
FunctionSummary
The
_getPrice
function in the provided contract does not include checks for stale prices obtained from the oracle adapter. This omission could lead to potential inaccuracies in trading decisions and may expose the contract to manipulation or arbitrage opportunities based on outdated price data.Vulnerability Detail
The
_getPrice
function retrieves the current price from the oracle adapter based on the market's price feed ID without considering the freshness of the price data. Here's the code snippet of the function:The function simply fetches the price without verifying its timeliness or checking for updates. This lack of validation leaves the contract vulnerable to stale prices, which may result from delays in oracle updates or manipulation of price feeds.
Impact
One potential impact of this vulnerability is that traders relying on outdated or stale price data may make incorrect trading decisions, leading to financial losses. Moreover, arbitrageurs could exploit price discrepancies caused by stale data, resulting in inefficient markets and reduced liquidity.
Code Snippet
#L530-L536
Tool used
Manual Review
Recommendation
Incorporate mechanisms to check the freshness of price data before using it for trading decisions.
Duplicate of #24