This repository has been archived by the owner on Jul 14, 2024. It is now read-only.

the-first-elder - PRICES FROM TWAP ORACLE CAN BECOME STALE #84

Closed
sherlock-admin2 opened this issue Jan 10, 2024 · 2 comments
Labels
Non-Reward This issue will not receive a payout

sherlock-admin2 commented Jan 10, 2024

the-first-elder

medium

PRICES FROM TWAP ORACLE CAN BECOME STALE

Summary

The Time-Weighted Average Price (TWAP) oracle is susceptible to providing stale prices due to a lack of validation in the update function regarding the timeliness of price updates.

Vulnerability Detail

The issue arises from the absence of validation in the update function, which fails to ensure that the TWAP prices are updated within a reasonable timeframe. This becomes problematic when the trading volume for a particular security fluctuates throughout the day, causing the TWAP price to inaccurately reflect the current market conditions at the time of execution.

For instance, if a security experiences low trading volume early in the day, the TWAP price may be skewed towards the opening price. Subsequently, when the volume increases later in the day, the TWAP price might be higher than the actual market price, leading to suboptimal execution prices for traders.

Moreover, in scenarios with very low trading volume, the TWAP price might remain relatively unchanged throughout the day. This can result in orders being executed at prices that do not accurately represent the current market conditions, potentially signaling misleading information to vigilant traders monitoring the market.

Impact

The vulnerability introduces the risk of executing orders at prices that are not reflective of the true market conditions, impacting the effectiveness and accuracy of the TWAP oracle.

Code Snippet

https://github.com/sherlock-audit/2023-12-ubiquity/blob/main/ubiquity-dollar/packages/contracts/src/dollar/libraries/LibTWAPOracle.sol#L68

Tool used

Manual Review

Recommendation

It is crucial to implement validation checks within the update function to ensure that the TWAP prices are updated within a reasonable timeframe. This adjustment will enhance the accuracy of the TWAP oracle, particularly in situations where trading volumes fluctuate. Careful consideration of market dynamics should be taken into account to optimize the functionality of the TWAP oracle and mitigate potential risks associated with stale prices.

Duplicate of #34
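
A staleness guard of the kind the Recommendation above asks for, as an added example that is not part of the issue and is not code from LibTWAPOracle. The contract, the `ICumulativePriceSource` interface and the `MAX_AGE` and `MIN_WINDOW` values are all hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Hypothetical stand-in for a pool exposing a cumulative price (sum of price * seconds).
interface ICumulativePriceSource {
    function priceCumulative() external view returns (uint256);
}

// Illustrative only: names and bounds are assumptions, not taken from LibTWAPOracle.
contract GuardedTwap {
    uint256 public constant MAX_AGE = 30 minutes;    // assumed freshness bound for readers
    uint256 public constant MIN_WINDOW = 10 minutes; // assumed minimum averaging window

    ICumulativePriceSource public immutable source;
    uint256 public cumulativeLast; // accumulator value at the start of the current window
    uint256 public windowStart;    // timestamp at which cumulativeLast was read
    uint256 public priceAverage;   // TWAP over the last completed window
    uint256 public updatedAt;      // 0 until the first average has been computed

    error StalePrice(uint256 age, uint256 maxAge);

    constructor(ICumulativePriceSource source_) {
        source = source_;
        cumulativeLast = source_.priceCumulative();
        windowStart = block.timestamp;
    }

    // Callable by anyone; a window shorter than MIN_WINDOW leaves the stored average untouched.
    function update() external {
        uint256 elapsed = block.timestamp - windowStart;
        if (elapsed < MIN_WINDOW) return;
        uint256 cumulativeNow = source.priceCumulative();
        priceAverage = (cumulativeNow - cumulativeLast) / elapsed;
        cumulativeLast = cumulativeNow;
        windowStart = block.timestamp;
        updatedAt = block.timestamp;
    }

    // Readers get a revert instead of an average nobody has refreshed within MAX_AGE.
    function consult() external view returns (uint256) {
        uint256 age = block.timestamp - updatedAt;
        if (age > MAX_AGE) revert StalePrice(age, MAX_AGE);
        return priceAverage;
    }
}
```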

@github-actions github-actions bot added the Excluded Excluded by the judge without consulting the protocol or the senior label Jan 14, 2024
sherlock-admin2 commented

1 comment(s) were left on this issue during the judging contest.

auditsea commented:

The issue describes that the TWAP can be manipulated because the update function can be called anytime and by anyone, thus the TWAP period can be as short as 1 block. It seems like a valid issue, but after careful consideration, it's noticed that the TWAP issue does not come from its period but the logic itself is incorrect, thus marking this as Invalid.

@github-actions github-actions bot added Medium A valid Medium severity issue Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label and removed Excluded Excluded by the judge without consulting the protocol or the senior labels Jan 16, 2024

@sherlock-admin2 sherlock-admin2 changed the title Vast Aegean Porcupine - PRICES FROM TWAP ORACLE CAN BECOME STALE the-first-elder - PRICES FROM TWAP ORACLE CAN BECOME STALE Jan 24, 2024
@sherlock-admin2 sherlock-admin2 added the Reward A payout will be made for this issue label Jan 24, 2024
@Czar102 Czar102 removed the Medium A valid Medium severity issue label Feb 19, 2024
@sherlock-admin sherlock-admin added Non-Reward This issue will not receive a payout and removed Reward A payout will be made for this issue labels Feb 19, 2024
@sherlock-admin2 sherlock-admin2 removed the Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label label Feb 20, 2024