Assessment reportsPublic findings
Back to Zellic site
Assessment reports>Palmy Finance>High findings>The fallback oracle returns zero price when no price information is provided
GeneralOverview
Findings
High (5)Stale prices from oracleZero price from the fallback oracleSuspending a token does not clear the variableThe locked amount is truncated to `int128`An interest portion of collected fees are locked
Medium (3)
Low (1)
Informational (2)
DiscussionTest suiteOracle risksUnused codeTypos
Threat ModelWhat are threat models?FeeDistributor.solLeverager.solVoter.solVotingEscrow.sol
Audit ResultsSummary
Category: Coding Mistakes

The fallback oracle returns zero price when no price information is provided

High Severity
Medium Impact
Low Likelihood

Description

If the oracle does not have price information for the requested asset, the price information in the fallback oracle is used:

function getAssetPrice(address asset) public view override returns (uint256) {
  if (asset == BASE_CURRENCY) {
    return BASE_CURRENCY_UNIT;
  } else {
    int256 price = _adapter.currentPrice(asset);
    if (price > 0) {
      return uint256(price);
    } else {
      return _fallbackOracle.getAssetPrice(asset); 
    }
  }
}

Following is the source code of the getAssetPrice of PalmyFallbackOracle, the fallback oracle contract:

function getAssetPrice(address asset) external view override returns (uint256) {
  return uint256(_prices[asset].price);
}

This function returns zero if the fallback oracle has no price information of the asset. As a result, the asset is priced at zero.

Impact

Because the asset is priced at zero, the asset can be borrowed without enough collateral. This leads to the loss of funds for the particular asset.

Recommendations

Consider checking if the fallback oracle has the price information of the asset when the protocol fetches it.

Remediation

This issue has been acknowledged by Familia Labs Ltd., and a fix was implemented in commit 06d174bd.

Zellic © 2025Back to top ↑