search

sherlock-audit / 2024-06-leveraged-vaults-judging

9 stars 8 forks source link

nirohgo - PendlePTOracle does not check pendle oracle's health with every call #92

Closed sherlock-admin2 closed 2 months ago

sherlock-admin2 commented 2 months ago

nirohgo

Medium

PendlePTOracle does not check pendle oracle's health with every call

Summary

The PendlePTOracle checks the pendle oracle's health only once (in constructor) not accounting for potential failures or periods where reporting is unreliable that might occur later on

Vulnerability Detail

The PendlePTOracle checks the health of the specific market oracle on Pendle Oracle with the following code in the Constructor:

(
            bool increaseCardinalityRequired,
            /* */,
            bool oldestObservationSatisfied
        ) = Deployments.PENDLE_ORACLE.getOracleState(pendleMarket, twapDuration);
        require(!increaseCardinalityRequired && oldestObservationSatisfied, "Oracle Init");

However, the state of the Pendle Oracle for the market is dynamic and can change over time, making the use of this sanity check necessary at the start of every call to _calculateBaseToQuote, (in the same way that the sequencer health check (_checkSequencer) is conducted before every call). Failing to check the pendle oracle health with every call can lead to inaccurate price reports in periods where the Pendle Oracle reporting for the market is unreliable such as when increaseCardinalityRequired in non-zero (not enough reporters) or oldestObservationSatisfied is false (no recent enough samples) causing unbound financial damage to users.

root cause

failure to check Pendle Oracle health before every call to _calculateBaseToQuote

Impact

Inaccurate price reports when pendle oracle health for the market is compromised, leading to disruption in account health checks and failures in TradingMudule token trades (i.e. when exiting the market).

Code Snippet

https://github.com/sherlock-audit/2024-06-leveraged-vaults/blob/14d3eaf0445c251c52c86ce88a84a3f5b9dfad94/leveraged-vaults-private/contracts/oracles/PendlePTOracle.sol#L65

Tool used

Manual Review

Recommendation

Extract the pendle oracle health check code into a separate function and call the function from within both the constructor and _calculateBaseToQuote

sherlock-admin2 commented 2 months ago

1 comment(s) were left on this issue during the judging contest.

0xmystery commented:

Low/QA at most