Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Keep3rV2Oracle Overflow Bug #54

Open
b0dhidharma opened this issue May 18, 2021 · 0 comments
Open

Keep3rV2Oracle Overflow Bug #54

b0dhidharma opened this issue May 18, 2021 · 0 comments
Labels
bug Something isn't working

Comments

@b0dhidharma
Copy link

Keep3rV2Oracle is not to using FixedPoint library and it's using solc 0.8.x, this introduces a possible revert.

Last price cumulative's in uniswap / sushiswap pairs are accumulators, and they are designed to overflow.

When doing the calculations with these queried value, Keep3rV2Oracle does a priceLast * e10 / Q112 .

If the cumulative price is big enough * e10 will throw an overflow because of checked math in solidity 0.8.x, therefore reverting.

Very rough branch demonstrating that it will fail: link.

It does not represent an immediate risk but it depends a lot on pair's volume and tokens decimals. So, I'd strongly suggest to deprecate the oracle / fix this issue.
@milkyklim milkyklim added the bug Something isn't working label May 18, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@milkyklim @b0dhidharma