sherlock-audit/2023-05-USSD-judging

juancito - Static oracles in `StableOracleDAI` and `StableOracleWBGL` have wrong addresses

sherlock-admin opened this issue · 0 comments

juancito

medium

Static oracles in StableOracleDAI and StableOracleWBGL have wrong addresses

Summary

Static oracles in StableOracleDAI and StableOracleWBGL have wrong addresses. Those are used in their corresponding getPriceUSD functions, making those functions revert.

It will be impossible to mint USSD tokens with DAI and WBGL as collateral, as their getPriceUSD will always revert.

Vulnerability Detail

Both StableOracleDAI and StableOracleWBGL set their static oracles to 0x982152A6C7f732Ec7C9EA998dDD9Ebde00Dfa16e.

That is not a static oracle, but the Uniswap WBGL/ETH pool.

It does not implement the expected interface, nor does it have the quoteSpecificPoolsWithTimePeriod() function.

When trying to call getPrice, it will always revert, as it will try to call quoteSpecificPoolsWithTimePeriod() on the "static oracle", but it doesn't exist there.

getPrice() is used when trying to mint USSD tokens on the USSD contract. So, it is impossible to use these oracles for that purpose.

    // constructor()
    DAIEthOracle = IStaticOracle(
        0x982152A6C7f732Ec7C9EA998dDD9Ebde00Dfa16e
    );

    // getPrice()
    uint256 DAIWethPrice = DAIEthOracle.quoteSpecificPoolsWithTimePeriod(

Link to code

    // constructor()
    staticOracleUniV3 = IStaticOracle(
        0x982152A6C7f732Ec7C9EA998dDD9Ebde00Dfa16e
    );

    // getPrice()
    uint256 wbglWethPrice = staticOracleUniV3
        .quoteSpecificPoolsWithTimePeriod(

Link to code
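A deploy-time probe that would reject an address like the one above, which has code but no quote function. This is an added example, not part of the original report or the USSD code base. The parameter list of `quoteSpecificPoolsWithTimePeriod`, the contract names `CheckedOracleConsumer`, `PoolLikeStub` and `Demo`, and the 60-second period are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Only the function name is on the page; the parameter list is an assumption
// modeled on the Mean Finance static oracle interface.
interface IStaticOracle {
    function quoteSpecificPoolsWithTimePeriod(
        uint128 baseAmount, address baseToken, address quoteToken,
        address[] calldata pools, uint32 period
    ) external view returns (uint256 quoteAmount);
}

// Hypothetical consumer: refuses to deploy unless the oracle answers a quote.
contract CheckedOracleConsumer {
    IStaticOracle public immutable staticOracle;

    constructor(address oracle, address base, address quote, address pool) {
        // A code-size check alone is not enough: a Uniswap pool also has code.
        require(oracle.code.length > 0, "oracle: no code");
        address[] memory pools = new address[](1);
        pools[0] = pool;
        // Probe the exact function getPrice() depends on (60 s is a constructed period).
        try IStaticOracle(oracle).quoteSpecificPoolsWithTimePeriod(
            1e18, base, quote, pools, 60
        ) returns (uint256 q) {
            require(q > 0, "oracle: zero quote");
        } catch {
            revert("oracle: interface mismatch");
        }
        staticOracle = IStaticOracle(oracle);
    }
}

// Constructed stand-in for a contract that has code but no quote function.
contract PoolLikeStub {
    function fee() external pure returns (uint24) { return 3000; }
}

// Constructed demo: deployment against the stub must fail.
contract Demo {
    function deployAgainstStubReverts() external returns (bool) {
        address stub = address(new PoolLikeStub());
        try new CheckedOracleConsumer(stub, address(1), address(2), stub)
            returns (CheckedOracleConsumer) { return false; }
        catch { return true; }
    }
}
```

`Demo.deployAgainstStubReverts()` returns `true` because the stub has no matching selector and no fallback, so the probe call reverts and the constructor aborts.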

Impact

It will be impossible to mint USSD tokens with DAI and WBGL as collateral, as their getPriceUSD will always revert.

Code Snippet

Tool used

Manual Review

Recommendation

Set the correct address for the static oracles.

One example could be the Mean Finance implementation 0xB210CE856631EeEB767eFa666EC7C1C57738d438 with their Ethereum contract here.

    DAIEthOracle = IStaticOracle(
-        0x982152A6C7f732Ec7C9EA998dDD9Ebde00Dfa16e
+        0xB210CE856631EeEB767eFa666EC7C1C57738d438
    );
    staticOracleUniV3 = IStaticOracle(
-        0x982152A6C7f732Ec7C9EA998dDD9Ebde00Dfa16e
+        0xB210CE856631EeEB767eFa666EC7C1C57738d438
    );
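Review bot: nothing in either constructor assignment (`DAIEthOracle` or `staticOracleUniV3`) verifies that the new literal actually implements `IStaticOracle`, which is the same gap that let the pool address 0x982152A6C7f732Ec7C9EA998dDD9Ebde00Dfa16e through in the first place. Swapping one hardcoded address for another fixes this instance only. Consider taking the oracle address as a constructor argument or probing `quoteSpecificPoolsWithTimePeriod` at deployment, and add a mainnet-fork test that calls `getPrice()` on both oracles so a wrong address fails in CI and not at mint time.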

Duplicate of #817