M-12 MitigationConfirmed #47

c4-bot-3 · 2024-06-07T08:38:58Z

Lines of code

Vulnerability details

Original Issue Summary

M-12: Incorrect exchange rate provided to Balancer pools

In the original issue, getRate() does not check for outdated exchange rates, which can result to incorrect calculations.

Mitigation

Mitigation M-12

The mitigation proposes a staleness-check:

-        (uint256 _lastPrice, ) = getMintRate();
+        (uint256 _lastPrice, uint256 _lastPriceTimestamp) = getMintRate();
+        if (block.timestamp > _lastPriceTimestamp + 1 days) {
+            revert OraclePriceExpired();
+        }

Comments

This mitigation succesfully mitigates the original issue. The usage of _lastPriceTimestamp and checking if block.timestamp is more than _lastPriceTimestamp + 1 days will ensure that the price can not be stale.

Suggestion

n/a

Conclusion

LGTM

The text was updated successfully, but these errors were encountered:

c4-judge · 2024-06-08T05:20:39Z

alcueca marked the issue as satisfactory

c4-bot-3 added mitigation-confirmed MR-M-12 labels Jun 7, 2024

c4-bot-10 added a commit that referenced this issue Jun 7, 2024

Fassi_Security issue #47

ebc5666

c4-judge added the satisfactory satisfies C4 submission criteria; eligible for awards label Jun 8, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

M-12 MitigationConfirmed #47

M-12 MitigationConfirmed #47

c4-bot-3 commented Jun 7, 2024

c4-judge commented Jun 8, 2024