toprince
commented
13 hours ago Need further investigation here.
Open sherlock-admin2 opened 15 hours ago
toprince
commented
13 hours ago Need further investigation here.
Tame Macaroon Tapir
Medium
Pyth prices are used without necessary precautions
Vulnerability Detail
In PythAdapter.sol, prices are queried without checking the confidence interval. During extremely volatile market conditions, the aggregate interval returned by Pyth might not reflect accurate prices. The reason is that the price publishers do not agree on the aggregate price interval and as a result, individually provided prices could significantly deviate from this interval. When this occurs, the price provided will be incorrect.
More can be read here.
As can be seen below, the price and the expo are taken and used to get the base and quote token prices, without performing input validation on the price, conf, and expo values, which can lead to the contract accepting invalid or untrusted price
Impact
As a result when prices are returned especially with really wide confidence intervals, the price returned could be farther from the true price leading to protocols working with these prices. This can negatively affect swaps or lead to arbitrage opportunities for malicious users at the expense of the protocol.
Code Snippet
https://github.com/sherlock-audit/2024-08-woofi-solana-deployment/blob/1c4c9c622e8c44ae2f8cd4219c7c2a0181f25ca0/WOOFi_Solana/programs/woofi/src/instructions/get_price.rs#L52
https://github.com/sherlock-audit/2024-08-woofi-solana-deployment/blob/1c4c9c622e8c44ae2f8cd4219c7c2a0181f25ca0/WOOFi_Solana/programs/woofi/src/instructions/get_price.rs#L58
Tool used
Manual Review
Recommendation
The confidence paramter should be queried and compared with a minimum confidence ratio. Any price below the ratio should be rejected based on pyth's recommendation.