FV-SOL-10-C4 Time Lags
TLDR
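Delaying block production or influencing the timing of price updates can leave a price feed stale or incorrect, and attackers can profit from the difference. A contract that consumes such a feed needs to check how old a price is before acting on it.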
Game
You’ve come across a contract that relies on an oracle to provide time-sensitive price data. It assumes the oracle always provides up-to-date information.
But what if the oracle provides stale or outdated prices? Can you trust its time logs?
// SPDX-License-Identifier: MIT
// Open me in VSCode and really think before opening the hints!
// Add @audit tags wherever suspicious
// Go to the solidity docs to complete missing knowledge of what's happening here
// Solve by drafting a fix!
pragma solidity ^0.8.0;
/// @notice Minimal read-only view of the price oracle consumed by TimeLogsGame.
/// @dev Both values are self-reported by the oracle contract; nothing in this
///      interface lets a caller verify them independently.
interface IPriceOracle {
    /// @return The current price. The consumer in this file divides by 1e18,
    ///         so this is presumably an 18-decimal fixed-point value — confirm.
    function getPrice() external view returns (uint256);

    /// @return The time of the oracle's last price update. Units are not shown
    ///         here; presumably Unix seconds comparable to block.timestamp — confirm.
    function getLastUpdatedTime() external view returns (uint256);
}
/// @notice Exercise contract: rescales a stored value by a price read from an
///         external oracle.
/// @dev Deliberately left as found so the finding stays visible; the @audit
///      notes mark what a reviewer should flag and how a fix would look.
contract TimeLogsGame {
    /// Oracle queried on every update; set once in the constructor.
    IPriceOracle public oracle;

    /// Running value that updateValue() rescales by the oracle price.
    uint256 public totalValue;

    /// @param _oracle Address treated as an IPriceOracle. It is stored without
    ///        any check (a zero or non-contract address is accepted here).
    /// @param _initialValue Starting value for totalValue.
    constructor(address _oracle, uint256 _initialValue) {
        oracle = IPriceOracle(_oracle);
        totalValue = _initialValue;
    }

    /// @notice Reads price and timestamp from the oracle and multiplies
    ///         totalValue by price / 1e18.
    /// @dev Reverts with "Invalid price" or "Invalid timestamp" when the
    ///      respective value is zero.
    function updateValue() public {
        uint256 quotedPrice = oracle.getPrice();
        uint256 reportedAt = oracle.getLastUpdatedTime();

        require(quotedPrice != 0, "Invalid price");

        // @audit The timestamp is only required to be non-zero. It is never
        // compared with block.timestamp, so a price of any age is accepted.
        // A fix bounds the age, e.g. reject when reportedAt > block.timestamp
        // or when block.timestamp - reportedAt exceeds a maximum age chosen
        // for the feed (MAX_PRICE_AGE is a placeholder, not defined here).
        require(reportedAt != 0, "Invalid timestamp");

        // @audit Each call rescales the already-rescaled totalValue, and the
        // function is public with no access control — confirm that repeated
        // application is intended. Integer division truncates; under the
        // file's ^0.8.0 pragma the multiplication reverts on overflow.
        totalValue = (totalValue * quotedPrice) / 1e18;
    }
}