By the wooracle’s default values, if a wooracle.post_price is not triggered every atleast 120 seconds, the swap function will be reverting when trying to fetch the oracle price.
Vulnerability Detail
The wooracle’s default stale_duration is 120 seconds, if the wo_timestamp + oracle.stale_duration is greater than the current timestamp, the swap reverts.
The wo_timestamp is equal to oracle.updated_at which is updated only at post_price .
Which means if post_price is not executed every 120 seconds by the swap , subsequent swap calls which require the oracle’s price, will be reverting.
Impact
Any swap that requires the affected wooracle’s price, will be reverting.
The first step is to change the DEFAULT_STALE_DURATION in a value that is not too short to avoid swap calls getting reverted. Afterwards, the protocol needs to ensure that no stale prices are present.
Proud Wintergreen Butterfly
Medium
DEFAULT_STALE_DURATION causing swap to revert
Summary
By the wooracle’s default values, if a
wooracle.post_priceis not triggered every atleast 120 seconds, theswapfunction will be reverting when trying to fetch the oracle price.Vulnerability Detail
The wooracle’s default
stale_durationis 120 seconds, if thewo_timestamp + oracle.stale_durationis greater than the current timestamp, the swap reverts. Thewo_timestampis equal tooracle.updated_atwhich is updated only atpost_price. Which means ifpost_priceis not executed every 120 seconds by theswap, subsequentswapcalls which require the oracle’s price, will be reverting.Impact
Any
swapthat requires the affected wooracle’s price, will be reverting.Code Snippet
get_price timestamp check swap’s call to post_price wooracle’s post_price
Tool used
Manual Review
Recommendation
The first step is to change the
DEFAULT_STALE_DURATIONin a value that is not too short to avoidswapcalls getting reverted. Afterwards, the protocol needs to ensure that no stale prices are present.