givn
medium
LenderCommitmentGroup_Smart can calculate wrong price because negative ticks math doesn't round down when it should
Summary
LenderCommitmentGroup_Smart uses a Uniswap V3 pool as an oracle to get the TWAP price for collateral.
Vulnerability Detail
getSqrtTwapX96 calculates the TWAP sqrtPriceX96.
The problem is that when (tickCumulatives[1] - tickCumulatives[0]) is negative, some additional calculations might be necessary, as demonstrated in v3-periphery/OracleLibrary.sol.
Impact
When (tickCumulatives[1] - tickCumulatives[0]) < 0 and (tickCumulatives[1] - tickCumulatives[0]) % int32(twapInterval) != 0, the returned tick is higher than it should be. Thus, in this case the required collateral amount put up will be different from what it should be.
In pools with less liquidity, prices across ticks may vary quite a bit.
Code Snippet
getSqrtTwapX96 is responsible for making the TWAP price calculation.
Here are the logs from the Uniswap V3 USDT/USDC pool, which demonstrate how the price may differ, even in very liquid pools.
Gist for validating the calculations
Tool used
Manual Review
Recommendation
Update the getSqrtTwapX96 function in the following way:
Duplicate of #283
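The rounding difference described under Impact, modelled in Python as an added example (not code from the submission, the audited contract, or Uniswap). The helper names and the sample tickCumulatives values are constructed for illustration; sol_div and sol_mod emulate Solidity's signed division and remainder, which truncate toward zero, because Python's own // already rounds down.

```python
from decimal import Decimal

def sol_div(a: int, b: int) -> int:
    """Signed division as Solidity/EVM performs it: truncates toward zero."""
    q = abs(a) // abs(b)
    return q if (a < 0) == (b < 0) else -q

def sol_mod(a: int, b: int) -> int:
    """Signed remainder as Solidity/EVM performs it: takes the sign of a."""
    return a - b * sol_div(a, b)

def mean_tick_truncated(tick_cumulatives, twap_interval: int) -> int:
    """Division only: the pattern the finding describes."""
    delta = tick_cumulatives[1] - tick_cumulatives[0]
    return sol_div(delta, twap_interval)

def mean_tick_floored(tick_cumulatives, twap_interval: int) -> int:
    """Division plus the round-toward-negative-infinity step."""
    delta = tick_cumulatives[1] - tick_cumulatives[0]
    tick = sol_div(delta, twap_interval)
    if delta < 0 and sol_mod(delta, twap_interval) != 0:
        tick -= 1
    return tick

def compare(tick_cumulatives, twap_interval: int):
    """Return (truncated tick, floored tick, price ratio between the two)."""
    t = mean_tick_truncated(tick_cumulatives, twap_interval)
    f = mean_tick_floored(tick_cumulatives, twap_interval)
    # Uniswap V3 defines price(tick) = 1.0001 ** tick, so the ratio is 1.0001 ** (t - f).
    return t, f, Decimal("1.0001") ** (t - f)

# Constructed samples (not pool data): (tickCumulatives pair, twapInterval in seconds).
SAMPLES = [
    ([1_000_000, 999_965], 10),    # delta -35: negative with remainder
    ([1_000_000, 999_960], 10),    # delta -40: negative, exact multiple
    ([1_000_000, 1_000_035], 10),  # delta +35: positive with remainder
]

if __name__ == "__main__":
    for cumulatives, interval in SAMPLES:
        t, f, ratio = compare(cumulatives, interval)
        delta = cumulatives[1] - cumulatives[0]
        print(f"delta={delta:>4} truncated={t:>3} floored={f:>3} ratio={ratio}")
```

Only the first sample differs between the two functions: the truncated tick is one higher, which corresponds to a price 0.01% away from the floored result.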