0xrobsol - Inadequate Minimum TWAP Interval Configuration Leads to Potential Price Volatility
Closed this issue · 0 comments
0xrobsol
medium
Inadequate Minimum TWAP Interval Configuration Leads to Potential Price Volatility
Summary
The initialization function of the contract allows setting a twapInterval without enforcing a minimum threshold. This oversight could lead to the use of too short an interval for TWAP (Time-Weighted Average Price) calculations, resulting in volatile and less reliable price data.
Vulnerability Detail
The contract's initialize function accepts a twapInterval parameter intended to specify the duration over which average prices are calculated to mitigate short-term price fluctuations. Without a lower bound on this value, users could set an impractically short interval that fails to smooth out price volatility effectively.
Impact
Using an inadequately short TWAP interval could result in several undesirable outcomes:
- Increased Price Volatility: Short intervals may not average out the rapid fluctuations typical in crypto markets, leading to unstable price feeds.
- Market Manipulation Risks: Shorter intervals can be more susceptible to price manipulation, as manipulators need only influence the market price briefly to affect the TWAP calculation.
Code Snippet
Tool used
Manual Review
Recommendation
To mitigate this vulnerability and ensure the reliability of TWAP calculations, the following measures should be implemented:
- Minimum TWAP Interval Enforcement: Introduce a check to ensure that the twapInterval is set to a minimum acceptable value. This can prevent setting intervals that are too short to be effective.
require(_twapInterval >= minimumTwapInterval, "TWAP interval too short");
Duplicate of #119