Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

dod4ufn - DEFAULT_STALE_DURATION causing swap to revert #87

Open
sherlock-admin2 opened this issue Sep 24, 2024 · 1 comment
Open

dod4ufn - DEFAULT_STALE_DURATION causing swap to revert #87

sherlock-admin2 opened this issue Sep 24, 2024 · 1 comment
Labels
Sponsor Disputed The sponsor disputed this issue's validity Won't Fix The sponsor confirmed this issue will not be fixed

Comments

@sherlock-admin2
Copy link
Contributor

sherlock-admin2 commented Sep 24, 2024
edited by sherlock-admin4
Loading

dod4ufn

Medium

DEFAULT_STALE_DURATION causing swap to revert

Summary

By the wooracle’s default values, if a wooracle.post_price is not triggered every atleast 120 seconds, the swap function will be reverting when trying to fetch the oracle price.

Vulnerability Detail

The wooracle’s default stale_duration is 120 seconds, if the wo_timestamp + oracle.stale_duration is greater than the current timestamp, the swap reverts.
The wo_timestamp is equal to oracle.updated_at which is updated only at post_price .
Which means if post_price is not executed every 120 seconds by the swap , subsequent swap calls which require the oracle’s price, will be reverting.

Impact

Any swap that requires the affected wooracle’s price, will be reverting.

Code Snippet

get_price timestamp check
swap’s call to post_price
wooracle’s post_price

Tool used

Manual Review

Recommendation

The first step is to change the DEFAULT_STALE_DURATION in a value that is not too short to avoid swap calls getting reverted. Afterwards, the protocol needs to ensure that no stale prices are present.
@toprince
Copy link

Not valid.

  1. Biz will set stale duration before post price. If biz post price every 30s - 60s, he may set stale duration to 120s.
  2. if price exceeded valid time, swap should stop, since the price is not valid.

@sherlock-admin3 sherlock-admin3 added Sponsor Disputed The sponsor disputed this issue's validity Won't Fix The sponsor confirmed this issue will not be fixed labels Oct 13, 2024
@sherlock-admin4 sherlock-admin4 changed the title Proud Wintergreen Butterfly - DEFAULT_STALE_DURATION causing swap to revert dod4ufn - DEFAULT_STALE_DURATION causing swap to revert Oct 15, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Sponsor Disputed The sponsor disputed this issue's validity Won't Fix The sponsor confirmed this issue will not be fixed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@toprince @sherlock-admin2 @sherlock-admin3