Wrong address for `DAIEthOracle` in `StableOracleDAI.sol:DAIEthOracle` and `StableOracleWBGL.sol:staticOracleUniV3`

Summary

Wrong address for DAIEthOracle in StableOracleDAI.sol:DAIEthOracle and StableOracleWBGL.sol:staticOracleUniV3.

Vulnerability Detail

In the constructor of StableOracleDAI.sol and StableOracleWBGL.sol the value of the static oracles (DAIEthOracle and staticOracleUniV3) is initialized with the address 0x982152A6C7f732Ec7C9EA998dDD9Ebde00Dfa16e. This is the address of Uniswap WBGL/WETH pool, which does not implement the quoteSpecificPoolsWithTimePeriod function.

Impact

Calls to getPriceUSD() in StableOracleDAI and StableOracleWBGL will fail. This will make not possible minting or rebalancing USSD.

Code Snippet

https://github.com/sherlock-audit/2023-05-USSD/blob/main/ussd-contracts/contracts/oracles/StableOracleDAI.sol#L27-L29

https://github.com/sherlock-audit/2023-05-USSD/blob/main/ussd-contracts/contracts/oracles/StableOracleWBGL.sol#L18-L20

Tool used

Manual Review

Recommendation

Use the correct address for static oracle contracts.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

065.md

065.md

Wrong address for `DAIEthOracle` in `StableOracleDAI.sol:DAIEthOracle` and `StableOracleWBGL.sol:staticOracleUniV3`

Summary

Vulnerability Detail

Impact

Code Snippet

Tool used

Recommendation

Files

065.md

Latest commit

History

065.md

File metadata and controls

Wrong address for DAIEthOracle in StableOracleDAI.sol:DAIEthOracle and StableOracleWBGL.sol:staticOracleUniV3

Summary

Vulnerability Detail

Impact

Code Snippet

Tool used

Recommendation

Wrong address for `DAIEthOracle` in `StableOracleDAI.sol:DAIEthOracle` and `StableOracleWBGL.sol:staticOracleUniV3`