UltraVaultOracle Manual Review Findings

UVO-01M: Inefficient & Error-Prone Vesting System

Type	Severity	Location
Logical Fault		UltraVaultOracle.sol:L151, L155, L205, L206, L207

Description:

The vesting system in use by the UltraVaultOracle::_getCurrentPrice function is ineffective and results in rounding errors that accelerate price movements.

Specifically, the price change is evaluated in the inverse direction (i.e. a delta of the full price change based on the time that has elapsed) which will result in abrupt price changes if a truncation occurs.

Impact:

It is possible for a price vesting operation to achieve the targetPrice before the timestamp for full vesting has been achieved due to how truncations accelerate price movements in the current implementation.

Example:

Copy
205uint256 timeLeft = price.timestampForFullVesting - block.timestamp;
206uint256 timeFull = price.timestampForFullVesting - price.lastUpdatedTimestamp;
207uint256 change = diff - diff * timeLeft * DECIMAL_PRECISION / timeFull / DECIMAL_PRECISION;

Recommendation:

We advise truncations to slow down the price movements instead of accelerating them by revising the system to use a time-elapsed approach.

In detail, the price change should be evaluated as diff * timeElapsed / totalTime ensuring that any downward rounding operations will not result in abrupt price movements.

Alleviation (28f27853965de07fb79f4f2b5fed696d35120032):

The code was updated by implementing a time-based approach to the way the price moves between the price and targetPrice data points, alleviating this exhibit.