You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Confidence intervals of Pyth Oracle prices are ignored
Summary
The prices in Pyth Network have an important parameter, the 'confidence interval'. Ignoring it may result in invalid prices.
Vulnerability Detail
The Pyth documentation suggests some ways to leverage confidence intervals to avoid relying on prices that come with an increased level of uncertainty and thus could be invalid at the given moment of time.
However, this is completely ignored in the PythOracle.sol contract.
Impact
The contract accepts any price even if its likelihood of validity is low.
Shaggy Lava Mustang
Medium
Confidence intervals of Pyth Oracle prices are ignored
Summary
The prices in Pyth Network have an important parameter, the 'confidence interval'. Ignoring it may result in invalid prices.
Vulnerability Detail
The Pyth documentation suggests some ways to leverage confidence intervals to avoid relying on prices that come with an increased level of uncertainty and thus could be invalid at the given moment of time.
However, this is completely ignored in the
PythOracle.solcontract.Impact
The contract accepts any price even if its likelihood of validity is low.
Code Snippet
https://github.com/sherlock-audit/2024-12-mach-finance/blob/main/contracts/src/Oracles/Pyth/PythOracle.sol#L93-L104
Recommendation
Implement the logic with threshold-based checks to ensure the confidence level meets at least the minimum acceptable value.
The text was updated successfully, but these errors were encountered: