Tart Vinyl Octopus
Medium
TokenOracle.timeout is not updated in UsualOracle when initializeTokenOracle is called
Summary
The TokenOracle.timeout variable is used to check whether the price returned by the price feed is recent enough for our use case. It is not updated when a token oracle is initialized, so latestPrice's last-updated timestamp cannot be compared against this timeout to determine whether the price is recent enough.
Root Cause
TokenOracle.timeout is not updated in UsualOracle::initializeTokenOracle when support for a new token is added.
Internal Pre-conditions
- Admin calls UsualOracle::initializeTokenOracle to add support for a new token, which may or may not be a stablecoin.
External Pre-conditions
- The oracle for our initialized token returns a stale price.
Attack Path
UsualOracle::getPrice is called to get the latest price.
Impact
UsualOracle's consumers will call getPrice expecting the latest price, but there is a possibility of receiving a stale price.
PoC
Textual PoC with 2 steps:
- Admin calls initializeTokenOracle to initialize the oracle for a token; the timeout parameter is provided by the admin but is never stored.
- getPrice is called for the token initialized in the first step. The returned price can be stale, because the staleness check relies on the timeout variable, which was never updated.
Mitigation
Add the following at the end of the initializeTokenOracle function:
$.tokenToOracleInfo[token].timeout = timeout;
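The defect and the mitigation side by side, as an added illustration that is not the project's code: the struct layout, the plain mapping in place of the namespaced storage helper, the IAggregator interface and the exact form of the staleness comparison in getPrice are assumptions made for this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical, simplified model of the finding above; not the UsualOracle code.
interface IAggregator {
    function latestRoundData()
        external view
        returns (uint80, int256 answer, uint256, uint256 updatedAt, uint80);
}

contract OracleTimeoutExample {
    // Assumed layout: the real contract keeps this in namespaced storage ($).
    struct TokenOracle { address dataSource; uint64 timeout; }
    mapping(address => TokenOracle) internal tokenToOracleInfo;

    error StalePrice(uint256 age, uint64 timeout);

    // Vulnerable pattern: `timeout` is accepted but never written, so the
    // stored value stays at its default of 0 for every initialised token.
    function initializeTokenOracleVulnerable(address token, address dataSource, uint64 timeout) external {
        tokenToOracleInfo[token].dataSource = dataSource;
        // `timeout` is silently dropped here; nothing reads it.
    }

    // Mitigated pattern: persist the admin-supplied window (the page's fix).
    function initializeTokenOracleFixed(address token, address dataSource, uint64 timeout) external {
        tokenToOracleInfo[token].dataSource = dataSource;
        tokenToOracleInfo[token].timeout = timeout;
    }

    // Read-back used by a regression test: after initialisation this must
    // equal the value the admin passed, not 0.
    function storedTimeout(address token) external view returns (uint64) {
        return tokenToOracleInfo[token].timeout;
    }

    // Assumed form of the staleness check. It is only meaningful when the
    // stored `timeout` reflects the admin's intended window.
    function getPrice(address token) external view returns (uint256) {
        TokenOracle storage info = tokenToOracleInfo[token];
        (, int256 answer,, uint256 updatedAt,) = IAggregator(info.dataSource).latestRoundData();
        uint256 age = block.timestamp - updatedAt;
        if (age > info.timeout) revert StalePrice(age, info.timeout);
        return uint256(answer);
    }
}
```

A unit test that calls the initializer with a non-zero timeout and asserts storedTimeout(token) returns that value catches this class of "parameter accepted but never stored" regression.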