search

sherlock-audit / 2024-08-woofi-solana-deployment-judging

0 stars 0 forks source link

Creamy Carrot Yeti - Incorrect checking of the feasible wo_price #7

Open sherlock-admin3 opened 15 hours ago

sherlock-admin3 commented 15 hours ago

Creamy Carrot Yeti

Medium

Incorrect checking of the feasible wo_price

Summary

Currently when getting the price of the asset from the oracle, wo_feasible is not verified correctly.

Vulnerability Detail

In the current implementation, we check if the price is feasible the following way:

https://github.com/sherlock-audit/2024-08-woofi-solana-deployment/blob/main/WOOFi_Solana/programs/woofi/src/instructions/get_price.rs#L77

   let wo_feasible = clo_price != 0 && now <= (wo_timestamp + oracle.stale_duration);

The problem is that clo_price is the price that's derived from the Pyth network and wo_price is the price is derived from the wooracle. However, the check above makes sure that the clo_price != 0 when in reality it wo_price that should be checked. Additionally, the correct check can be seen in the EVM implementation of the contracts:

https://github.com/woonetwork/woofi_swap_smart_contracts/blob/main/contracts/WooracleV2.sol#L201

bool checkWoFeasible = woPrice != 0 && block.timestamp <= (woPriceTimestamp + staleDuration);

This can lead to a situation where price of wooracle is not checked incorrectly and the check may return incorrect result affecting the final price that's fetched.

Impact

wo_feasible can return incorrect results as clo_price is the price that's checked.

Code Snippet

Provided above.

Tool used

Manual Review

Recommendation

Implement the following check:

   let wo_feasible = wo_price != 0 && now <= (wo_timestamp + oracle.stale_duration);
toprince commented 14 hours ago

wo_price == 0 means the first time after created the oracle, when there's no price. It will only cause problem when init the oracle after create. will investigate here further.