sherlock-audit / 2024-08-woofi-solana-deployment-judging


dod4ufn - DEFAULT_STALE_DURATION causing swap to revert #87

Open sherlock-admin2 opened 1 month ago

sherlock-admin2 commented 1 month ago

dod4ufn

Medium

DEFAULT_STALE_DURATION causing swap to revert

Summary

By the wooracle’s default values, if wooracle.post_price is not triggered at least every 120 seconds, the swap function will revert when trying to fetch the oracle price.

Vulnerability Detail

The wooracle’s default stale_duration is 120 seconds. If the wo_timestamp + oracle.stale_duration is greater than the current timestamp, the swap reverts. The wo_timestamp is equal to oracle.updated_at, which is updated only at post_price. This means that if post_price is not executed every 120 seconds by the swap, subsequent swap calls which require the oracle’s price will revert.

Impact

Any swap that requires the affected wooracle’s price will revert.

Code Snippet

get_price timestamp check; swap’s call to post_price; wooracle’s post_price

Tool used

Manual Review

Recommendation

The first step is to change the DEFAULT_STALE_DURATION to a value that is not too short, to avoid swap calls getting reverted. Afterwards, the protocol needs to ensure that no stale prices are present.

toprince commented 1 month ago

Not valid.

  1. Biz will set the stale duration before posting the price. If biz posts a price every 30s - 60s, he may set the stale duration to 120s.
  2. If the price has exceeded its valid time, swap should stop, since the price is not valid.
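
The staleness gate discussed in this thread, as an added Rust example that is not from either participant or from the WOOFi code base: it replays a constructed timeline of post_price and swap timestamps and reports which swaps would revert. It assumes a price is usable while the current time is at most updated_at + stale_duration; the struct layout, the `reverted_swaps` helper, the error names and all timestamps are hypothetical.

```rust
// Added illustration, not the WOOFi program's code. Names follow the issue text;
// the comparison direction and the constructed timestamps are assumptions.
const DEFAULT_STALE_DURATION: i64 = 120; // seconds, the default quoted in the issue

#[derive(Debug, PartialEq)]
enum OracleError { Stale, Overflow }

struct Wooracle { price: u128, updated_at: i64, stale_duration: i64 }

impl Wooracle {
    // post_price is the only place updated_at advances.
    fn post_price(&mut self, price: u128, now: i64) {
        self.price = price;
        self.updated_at = now;
    }

    // The price is usable only while now <= updated_at + stale_duration.
    fn get_price(&self, now: i64) -> Result<u128, OracleError> {
        let deadline = self.updated_at
            .checked_add(self.stale_duration)
            .ok_or(OracleError::Overflow)?;
        if now > deadline { Err(OracleError::Stale) } else { Ok(self.price) }
    }
}

// Replays sorted post and swap timestamps; returns the swap times that would revert.
fn reverted_swaps(stale_duration: i64, posts: &[i64], swaps: &[i64]) -> Vec<i64> {
    let mut oracle = Wooracle { price: 0, updated_at: 0, stale_duration };
    let mut pending = posts.iter().peekable();
    let mut reverted = Vec::new();
    for &now in swaps {
        // Apply every post that landed at or before this swap.
        while let Some(&&t) = pending.peek() {
            if t > now { break; }
            oracle.post_price(1_000_000, t); // constructed price
            pending.next();
        }
        if oracle.get_price(now).is_err() { reverted.push(now); }
    }
    reverted
}

fn main() {
    // Constructed timeline: posts every 45 s, then a 210 s gap before the next post.
    let posts = [1000, 1045, 1090, 1300];
    let swaps = [1050, 1200, 1210, 1211, 1305];
    println!("{:?}", reverted_swaps(DEFAULT_STALE_DURATION, &posts, &swaps));
}
```

With posts arriving every 45 seconds no swap reverts; only the swap that falls more than 120 seconds after the last post is rejected, and swaps succeed again once the next post lands.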