Lines of code
<https://github.com/code-423n4/2023-09-asymmetry/blob/main/contracts/strategies/votium/VotiumStrategy.sol#L32>
Stale cvx price can be used while depositing
When user deposits, then price of afEth token is calculated. It’s needed to know how many tokens user will receieve.
This price consists of safEth price and vEth price.
This is how price is found for vEth.
<https://github.com/code-423n4/2023-09-asymmetry/blob/main/contracts/strategies/votium/VotiumStrategy.sol#L31-L33>
function price() external view override returns (uint256) {
return (cvxPerVotium() * ethPerCvx(false)) / 1e18;
}
Here, ethPerCvx function is called and false is passed as param. This param tells function if it’s needed to validate chainlink price. In case if it’s false then there will be no validation and as result there is a risk that chainlink will return stale price. As user also provides slippage that actually doesn’t mean that he will not be affected, it’s still possible that wrong price will fit slippage.
VsCode
Validate chainlink data in this case.
Error
The text was updated successfully, but these errors were encountered:
All reactions