0xrecon 0xhexrecon
0xhexrecon
/ poc-oracle-staleness.test.ts
Created
April 4, 2026 11:05
Granite Protocol — Oracle Staleness PoC (10 tests: AV1 wrongful liquidation + AV2 overborrow + WHALE tests using real aeUSDC market position)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /** | |
| * PoC: Oracle Staleness — Attacker Guarantees Stale Price via `none` VAA | |
| * | |
| * VULNERABILITY: | |
| * All oracle-reading functions (borrow, remove-collateral, liquidate-collateral) | |
| * accept pyth-price-feed-data as (optional (buff 8192)). Passing `none` is | |
| * explicitly a no-op in update-pyth() — it returns SUCCESS immediately WITHOUT | |
| * touching oracle storage. The subsequent read-price() call then uses whatever | |
| * stale price is in storage. | |
| * |