Strict price freshness check will block important state operations
Summary
Strict oracle price freshness check will cause important protocol operations to revert.
Root Cause
In PoolGetters.sol:161 oracle price freshness check is set to 30 mins which may be too strict for most of the price feed. As a result, common core operations will often revert when they should not.
Internal pre-conditions
No response
External pre-conditions
Price feed oracle hearbeat is larger than 30 minutes. For example check price feed for ETH/USD
Price feed oracle price change threshold has not been triggered in the meantime.
Attack Path
When price oracle happens more than 30 minutes ago and less than 1 hour ago core system operation will start failing. For example LiquidationLogic.executeLiquidationCall() will revert when calling IPool(params.pool).getAssetPrice(params.collateralAsset). As a result, system will not be able to operate properly in these circumstances.
Impact
No response
PoC
No response
Mitigation
Relax the Stale Price check to better accommodate the update mechanics of the price oracle. Consider adjusting the time window to align with the price update frequency based on the deviation threshold and heartbeat interval. For example, using a longer time window (e.g., 1 hour or more) may provide a better balance between ensuring data freshness and avoiding unnecessary reverts.
Where acceptableTimeWindow should be set to a value that reflects the heartbeat interval or a reasonable multiple thereof to prevent unnecessary staleness rejections.
perseus
Medium
Strict price freshness check will block important state operations
Summary
Strict oracle price freshness check will cause important protocol operations to revert.
Root Cause
In
PoolGetters.sol:161oracle price freshness check is set to 30 mins which may be too strict for most of the price feed. As a result, common core operations will often revert when they should not.Internal pre-conditions
No response
External pre-conditions
Attack Path
When price oracle happens more than 30 minutes ago and less than 1 hour ago core system operation will start failing. For example LiquidationLogic.executeLiquidationCall() will revert when calling
IPool(params.pool).getAssetPrice(params.collateralAsset). As a result, system will not be able to operate properly in these circumstances.Impact
No response
PoC
No response
Mitigation
Relax the Stale Price check to better accommodate the update mechanics of the price oracle. Consider adjusting the time window to align with the price update frequency based on the deviation threshold and heartbeat interval. For example, using a longer time window (e.g., 1 hour or more) may provide a better balance between ensuring data freshness and avoiding unnecessary reverts.
Proposed modification:
Where acceptableTimeWindow should be set to a value that reflects the heartbeat interval or a reasonable multiple thereof to prevent unnecessary staleness rejections.
Duplicate of #9