Inconsistency in checking of stale entries
Description
There are two places where entries are checked to be recent: publish_entry and build_entries_array.
publish_entry verifies the following condition for new entries: (current_timestamp - TIMESTAMP_BUFFER) <= new_entry.timestamp
let (current_timestamp) = get_block_timestamp();
with_attr error_message("Oracle: New entry timestamp is too far in the past") {
    assert_le(current_timestamp - TIMESTAMP_BUFFER, new_entry.timestamp);
}
build_entries_array checks the following condition to filter entries that are too old: entry.timestamp <= (current_timestamp - TIMESTAMP_BUFFER)
let is_entry_stale = is_le(entry.timestamp, current_timestamp - TIMESTAMP_BUFFER);
let should_skip_entry = is_not_zero(is_entry_stale + not_is_entry_initialized);
Ideally, both checks would use the same condition; however, when we rearrange them and list them side by side, we see that there is a certain timestamp at which publish_entry states that the entry is fresh but build_entries_array says that the entry is stale.
// Entries are fresh if:
current_timestamp - TIMESTAMP_BUFFER <= new_entry.timestamp  // publish_entry
current_timestamp - TIMESTAMP_BUFFER < entry.timestamp       // build_entries_array (negation of the stale check)
Impact
If an entry is on the boundary of being stale, and it is published and fetched at the same timestamp, it will be rejected. While this is not a security concern, it is important to ensure that assumptions and invariants across the project are consistent with each other to prevent bugs from occurring in the future.
Recommendations
Ensure that both of the conditions are consistent with each other and check the same thing.
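The following Python model of the two checks is an added example, not code from the audited project. It sweeps entry timestamps around the boundary to find those that publish_entry accepts and build_entries_array skips, then repeats the sweep with a single shared predicate. The TIMESTAMP_BUFFER value, the sample block timestamp, the helper names, and the choice of the inclusive bound for the shared predicate are assumptions.

```python
# Added example: Python model of the two freshness checks quoted above.
TIMESTAMP_BUFFER = 3600  # assumed value in seconds; the page does not state it


def publish_accepts(current_timestamp, entry_timestamp, buffer=TIMESTAMP_BUFFER):
    """publish_entry: assert_le(current_timestamp - TIMESTAMP_BUFFER, new_entry.timestamp)."""
    return current_timestamp - buffer <= entry_timestamp


def build_skips_as_stale(current_timestamp, entry_timestamp, buffer=TIMESTAMP_BUFFER):
    """build_entries_array: is_le(entry.timestamp, current_timestamp - TIMESTAMP_BUFFER)."""
    return entry_timestamp <= current_timestamp - buffer


def is_fresh(current_timestamp, entry_timestamp, buffer=TIMESTAMP_BUFFER):
    """Hypothetical shared predicate used by both call sites (inclusive bound assumed)."""
    return current_timestamp - buffer <= entry_timestamp


def consistent_skips(current_timestamp, entry_timestamp, buffer=TIMESTAMP_BUFFER):
    """Read-side filter derived from the shared predicate instead of a second comparison."""
    return not is_fresh(current_timestamp, entry_timestamp, buffer)


def disagreements(current_timestamp, accepts, skips, buffer=TIMESTAMP_BUFFER, span=5):
    """Entry timestamps near the boundary that are accepted on publish and
    also skipped as stale when read at the same block timestamp."""
    boundary = current_timestamp - buffer
    return [
        ts
        for ts in range(boundary - span, boundary + span + 1)
        if accepts(current_timestamp, ts, buffer) and skips(current_timestamp, ts, buffer)
    ]


if __name__ == "__main__":
    now = 1_700_000_000  # constructed block timestamp
    # As quoted: exactly one timestamp, now - TIMESTAMP_BUFFER, passes both checks.
    print("as quoted:", disagreements(now, publish_accepts, build_skips_as_stale))
    # Shared predicate: no timestamp is both accepted and skipped.
    print("shared predicate:", disagreements(now, is_fresh, consistent_skips))
```

A sweep like this can run as a regression test so that a later change to one comparison cannot silently diverge from the other.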
Remediation
The issue was addressed in a later update.