# TWAP Oracles


## [TWAP Oracle inflexible `_updatePeriod`](https://github.com/code-423n4/2021-11-vader-findings/issues/136)

#### Impact

The update interval of a `TWAP` oracle inherently embodies the risk level associated with an asset. Frequent updates keep an asset's valuation accurate but open avenues for potential price manipulation; this risk, however, should be mitigated for assets demonstrating stability. Extended update intervals, conversely, protect against manipulation but cannot provide real-time asset valuations because of the inherent lag between updates. An asset's volatility must therefore be weighed when determining an appropriate update interval.

The `TwapOracle.sol` contract in Vader disregards these nuances. `_updatePeriod` cannot be modified after the contract is deployed, and it is applied uniformly across all assets, neglecting the varying risk profile each asset presents. This uniform application could facilitate price manipulation or result in assets being inaccurately priced.

## [TWAP large prices are weighted a lot stronger than low prices](https://github.com/code-423n4/2021-11-vader-findings/issues/173)

The function appears to iterate through all registered pairs that include the specified `token` parameter (either USDV or VADER). It sums the price per token of each foreign token pair (`sumNative`) and then divides this total by the aggregate USD price of these foreign token pairs (`sumUSD`).

The function seemingly attempts to derive an average price, but its methodology may not be effective because it gives undue weight to higher prices.
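The weighting effect can be made concrete with a small model. The following is an added example, not code from the Vader contracts or the audit report: it models the `sumNative / sumUSD` aggregation as described above in Python, and the pair names, prices, and the mean and median comparison functions are all constructed assumptions.

```python
from fractions import Fraction
from statistics import median

# Constructed sample pairs, not real market data (assumed interpretation):
# (foreign token, its price in the native token, its price in USD)
PAIRS = [
    ("STABLE", Fraction(1), Fraction(1)),          # per-pair ratio 1
    ("MID", Fraction(100), Fraction(100)),         # per-pair ratio 1
    ("LARGE", Fraction(20000), Fraction(40000)),   # per-pair ratio 1/2
]

def ratio_of_sums(pairs):
    """Aggregation as described on the page: sumNative / sumUSD."""
    sum_native = sum(native for _, native, _ in pairs)
    sum_usd = sum(usd for _, _, usd in pairs)
    return sum_native / sum_usd

def per_pair_ratios(pairs):
    """Ratio implied by each pair on its own."""
    return {name: native / usd for name, native, usd in pairs}

def implicit_weights(pairs):
    """sumNative / sumUSD equals sum(w_i * r_i) with w_i = usd_i / sumUSD."""
    sum_usd = sum(usd for _, _, usd in pairs)
    return {name: usd / sum_usd for name, _, usd in pairs}

def mean_of_ratios(pairs):
    """Comparison only: every pair counts equally."""
    ratios = per_pair_ratios(pairs).values()
    return sum(ratios) / len(ratios)

def median_of_ratios(pairs):
    """Comparison only: one outlying pair among three cannot set the result."""
    return median(per_pair_ratios(pairs).values())

if __name__ == "__main__":
    ratios = per_pair_ratios(PAIRS)
    for name, weight in implicit_weights(PAIRS).items():
        print(f"{name:7s} ratio={float(ratios[name]):.4f} "
              f"weight={float(weight):.4%}")
    print("ratio of sums   :", float(ratio_of_sums(PAIRS)))
    print("mean of ratios  :", float(mean_of_ratios(PAIRS)))
    print("median of ratios:", float(median_of_ratios(PAIRS)))
```

With this data the highest-priced pair carries about 99.75% of the weight, so the aggregate lands at roughly 0.501 even though two of the three pairs imply a ratio of 1.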


