wise-foundation / lending-audit


[OHR-03M] Incorrect Iteration Count Limitation #109

Open vm06007 opened 1 year ago

vm06007 commented 1 year ago

OHR-03M: Incorrect Iteration Count Limitation

| Type | Severity | Location |
|---|---|---|
| Logical Fault | | OracleHelper.sol:L94, L131-L132 |

Description:

The OracleHelper::_recalibratePreview function will enforce a limitation on the iterationCount ensuring that it is greater-than-or-equal-to the value of 2. This limitation is incorrect as an iterationCount of 2 would result in the currentSecondBiggest yielded by the function to be always 0.

Impact:

As an iterationCount of 2 is permitted incorrectly, the Chainlink delay permitted would be 0 causing the oracle to appear "dead" regardless of its update rate.

Example:

// Lower bound on the sample size (OracleHelper.sol:L94). With exactly 2 the
// loop below runs once, so only one delay is ever measured.
if (iterationCount < 2) {
    revert SampleTooSmall(
        {
            size: iterationCount
        }
    );
}

uint16 phaseId = _getPhaseId(
    _tokenAddress
);

// Timestamp of the most recent Chainlink round; walked backwards below.
uint256 latestTimestamp = _getRoundTimestamp(
    _tokenAddress,
    phaseId,
    latestAggregatorRoundId
);

uint256 currentDiff;
uint256 currentBiggest;
uint256 currentSecondBiggest;

// Measures iterationCount - 1 delays between consecutive rounds and keeps
// the largest and second-largest of them.
for (uint80 i = 1; i < iterationCount; ++i) {

    uint256 currentTimestamp = _getRoundTimestamp(
        _tokenAddress,
        phaseId,
        latestAggregatorRoundId - i
    );

    currentDiff = latestTimestamp
        - currentTimestamp;

    latestTimestamp = currentTimestamp;

    // OracleHelper.sol:L131-L132: on the first iteration currentBiggest is
    // still 0, so the second-biggest is assigned the initial 0.
    if (currentDiff >= currentBiggest) {

        currentSecondBiggest = currentBiggest;
        currentBiggest = currentDiff;

    } else if (currentDiff > currentSecondBiggest && currentDiff < currentBiggest) {
        currentSecondBiggest = currentDiff;
    }
}

// With iterationCount == 2 this is always 0.
return currentSecondBiggest;

Recommendation:

We advise the code to impose a limitation on the iterationCount that ensures it is greater-than-or-equal-to 3 instead, ensuring that 2 rounds are processed and thus yielding a potentially non-zero value for the currentSecondBiggest delay between Chainlink answers.
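To make the finding reproducible off-chain, here is a Python model of the second-biggest-delay selection shown above, together with the "dead oracle" consequence described in the Impact section. This is an added example, not code from the wise-foundation repository: `recalibrate_preview` mirrors the loop logic of `_recalibratePreview` over a constructed list of round timestamps (newest first) instead of calling `_getRoundTimestamp`, and `oracle_looks_dead` is an assumed staleness check that treats the returned delay as the maximum tolerated age of the latest answer. The `min_iterations` parameter lets the same function show the current bound (2) beside the recommended one (3).

```python
# Model of OracleHelper::_recalibratePreview (constructed example, not project code).

# Constructed round timestamps, latest round first, as _getRoundTimestamp would
# return them for latestAggregatorRoundId, latestAggregatorRoundId - 1, ...
ROUND_TIMESTAMPS = [1000, 940, 900, 810]   # consecutive delays: 60, 40, 90


def recalibrate_preview(timestamps, iteration_count, min_iterations=2):
    """Return the second-biggest delay between consecutive rounds.

    min_iterations=2 reproduces the audited bound (OracleHelper.sol:L94);
    min_iterations=3 is the recommended bound.
    """
    if iteration_count < min_iterations:
        raise ValueError(f"SampleTooSmall(size={iteration_count})")
    if iteration_count > len(timestamps):
        raise ValueError("not enough rounds in the sample")

    latest = timestamps[0]
    biggest = 0
    second_biggest = 0

    # Exactly iteration_count - 1 delays are measured.
    for i in range(1, iteration_count):
        current = timestamps[i]
        diff = latest - current
        latest = current
        if diff >= biggest:
            # First iteration always lands here: second_biggest receives 0.
            second_biggest = biggest
            biggest = diff
        elif second_biggest < diff < biggest:
            second_biggest = diff
    return second_biggest


def oracle_looks_dead(last_update, now, allowed_delay):
    """Assumed staleness check: the answer is stale once it is older than
    the delay the recalibration yielded. A 0 delay flags every answer."""
    return now - last_update > allowed_delay


if __name__ == "__main__":
    for n in (2, 3, 4):
        delay = recalibrate_preview(ROUND_TIMESTAMPS, n)
        dead = oracle_looks_dead(last_update=1000, now=1001, allowed_delay=delay)
        print(f"iterationCount={n}: allowed delay={delay}, looks dead={dead}")
    try:
        recalibrate_preview(ROUND_TIMESTAMPS, 2, min_iterations=3)
    except ValueError as err:
        print("with the recommended bound:", err)
```

Running it shows `iterationCount=2` yielding an allowed delay of 0, so an answer that is one second old is already flagged as dead, while 3 and 4 yield 40 and 60 from the same sample; with `min_iterations=3` the call with a sample of 2 reverts instead.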

vm06007 commented 1 year ago

Minimal iteration count increased in: https://github.com/wise-foundation/lending-audit/pull/108