fix(pulse-scheduler): validate atomic subscription updates using slots instead of timestamps (#2590)

* feat: add parsePriceFeedUpdatesWithSlots to Pyth contract

* fix: add constants

* fix: use slots (not timestamp) to verify atomic sub update

* refactor: move structs to PythInternalStructs, rename

* feat: bump @pythnetwork/pyth-sdk-solidity version

Author: tejasbadadare

target_chains/ethereum/contracts/contracts/pulse/scheduler/Scheduler.sol

@@ -239,17 +239,21 @@ abstract contract Scheduler is IScheduler, SchedulerState {
         // Parse price feed updates with an expected timestamp range of [-10s, now]
         // We will validate the trigger conditions and timestamps ourselves
         // using the returned PriceFeeds.
-        uint64 maxPublishTime = SafeCast.toUint64(block.timestamp);
-        uint64 minPublishTime = maxPublishTime - 10 seconds;
-        PythStructs.PriceFeed[] memory priceFeeds = pyth.parsePriceFeedUpdates{
+        uint64 curTime = SafeCast.toUint64(block.timestamp);
+        uint64 maxPublishTime = curTime + FUTURE_TIMESTAMP_MAX_VALIDITY_PERIOD;
+        uint64 minPublishTime = curTime - PAST_TIMESTAMP_MAX_VALIDITY_PERIOD;
+        PythStructs.PriceFeed[] memory priceFeeds;
+        uint64[] memory slots;
+        (priceFeeds, slots) = pyth.parsePriceFeedUpdatesWithSlots{
             value: pythFee
         }(updateData, priceIds, minPublishTime, maxPublishTime);
 
-        // Verify all price feeds have the same timestamp
-        uint256 timestamp = priceFeeds[0].price.publishTime;
-        for (uint8 i = 1; i < priceFeeds.length; i++) {
-            if (priceFeeds[i].price.publishTime != timestamp) {
-                revert PriceTimestampMismatch();
+        // Verify all price feeds have the same Pythnet slot.
+        // All feeds in a subscription must be updated at the same time.
+        uint64 slot = slots[0];
+        for (uint8 i = 1; i < slots.length; i++) {
+            if (slots[i] != slot) {
+                revert PriceSlotMismatch();
             }
         }
 
@@ -291,7 +295,6 @@ abstract contract Scheduler is IScheduler, SchedulerState {
 
     /**
      * @notice Validates whether the update trigger criteria is met for a subscription. Reverts if not met.
-     * @dev This function assumes that all updates in priceFeeds have the same timestamp. The caller is expected to enforce this invariant.
      * @param subscriptionId The ID of the subscription (needed for reading previous prices).
      * @param params The subscription's parameters struct.
      * @param status The subscription's status struct.
@@ -303,9 +306,16 @@ abstract contract Scheduler is IScheduler, SchedulerState {
         SubscriptionStatus storage status,
         PythStructs.PriceFeed[] memory priceFeeds
     ) internal view returns (bool) {
-        // SECURITY NOTE: this check assumes that all updates in priceFeeds have the same timestamp.
-        // The caller is expected to enforce this invariant.
-        uint256 updateTimestamp = priceFeeds[0].price.publishTime;
+        // Use the most recent timestamp, as some asset markets may be closed.
+        // Closed markets will have a publishTime from their last trading period.
+        // Since we verify all updates share the same Pythnet slot, we still ensure
+        // that all price feeds are synchronized from the same update cycle.
+        uint256 updateTimestamp = 0;
+        for (uint8 i = 0; i < priceFeeds.length; i++) {
+            if (priceFeeds[i].price.publishTime > updateTimestamp) {
+                updateTimestamp = priceFeeds[i].price.publishTime;
+            }
+        }
 
         // Reject updates if they're older than the latest stored ones
         if (

target_chains/ethereum/contracts/contracts/pulse/scheduler/SchedulerErrors.sol

@@ -9,7 +9,7 @@ error InvalidPriceId(bytes32 providedPriceId, bytes32 expectedPriceId);
 error InvalidPriceIdsLength(bytes32 providedLength, bytes32 expectedLength);
 error InvalidUpdateCriteria();
 error InvalidGasConfig();
-error PriceTimestampMismatch();
+error PriceSlotMismatch();
 error TooManyPriceIds(uint256 provided, uint256 maximum);
 error UpdateConditionsNotMet();
 error TimestampOlderThanLastUpdate(

target_chains/ethereum/contracts/contracts/pulse/scheduler/SchedulerState.sol

@@ -12,6 +12,14 @@ contract SchedulerState {
     /// Default max fee multiplier
     uint32 public constant DEFAULT_MAX_PRIORITY_FEE_MULTIPLIER_CAP_PCT = 10_000;
 
+    // TODO: make these updateable via governance
+    /// Maximum time in the past (relative to current block timestamp)
+    /// for which a price update timestamp is considered valid
+    uint64 public constant PAST_TIMESTAMP_MAX_VALIDITY_PERIOD = 1 hours;
+    /// Maximum time in the future (relative to current block timestamp)
+    /// for which a price update timestamp is considered valid
+    uint64 public constant FUTURE_TIMESTAMP_MAX_VALIDITY_PERIOD = 10 seconds;
+
     struct State {
         /// Monotonically increasing counter for subscription IDs
         uint256 subscriptionNumber;