Uniswap Oracle reports incorrect rates for certain YAM token addresses #77
Comments
|
Amazing find. Thanks! Unfortunately this wasn't caught in our test suite, but would have been had any test deployment resulted in |
|
cool. I'm happy to submit a PR for the fix if you'd like, but won't have time to spend on testing it |
hamburglar1971
pushed a commit
to its-ham/protocol
that referenced
this issue
Oct 25, 2020
hamburglar1971
added a commit
to its-ham/protocol
that referenced
this issue
Oct 27, 2020
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This line has the reserves out of order. If it is executed, it will cause the oracle to return an incorrect price. This will cause incorrect rebases.
https://github.com/yam-finance/yam-protocol/blob/master/contracts/lib/UniswapV2OracleLibrary.sol#L31
The bug depends on whether the YAM address is numerically higher or lower than the token it's paired with. Therefore it is either activated at deploy time, or never activated. Thankfully it does not seem that this bug was activated on the existing deploys.
It seems to have been caused by a copy-paste error when modifying the Uniswap library. Perhaps consider using the Uniswap library directly.
Fix is simple. Change to
FixedPoint.fraction(reserve0, reserve1)._x)The text was updated successfully, but these errors were encountered: