code-423n4 / 2021-05-fairside-findings

Chainlink Price data could be stale #62

Closed code423n4 closed 3 years ago

code423n4 commented 3 years ago

Handle

s1m0

Vulnerability details

Impact

The function getEtherPrice() doesn't check if the return value is stale data. Stale data would mess up the calculation of amountOutMin for liquidateDai() and liquidateEth().

Recommended Mitigation Steps

Check that answeredInRound >= roundId as indicated in Chainlink documentation.
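
The recommended check, as an added example that is not part of the original report or FairSide's code: a minimal `getEtherPrice()` that reverts instead of returning a stale Chainlink answer. The contract name `EtherPriceReader`, the `ethUsdFeed` variable and the `MAX_AGE` window are assumptions, and the `updatedAt` and `answer > 0` checks go beyond the single condition the report names.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Chainlink's public AggregatorV3Interface, reduced to the one call used here.
interface AggregatorV3Interface {
    function latestRoundData()
        external
        view
        returns (
            uint80 roundId,
            int256 answer,
            uint256 startedAt,
            uint256 updatedAt,
            uint80 answeredInRound
        );
}

// Hypothetical consumer contract (assumption), not FairSide's implementation.
contract EtherPriceReader {
    AggregatorV3Interface public immutable ethUsdFeed;

    // Assumed staleness window; choose it from the heartbeat of the feed in use.
    uint256 public constant MAX_AGE = 1 hours;

    constructor(AggregatorV3Interface feed) {
        ethUsdFeed = feed;
    }

    function getEtherPrice() public view returns (uint256) {
        (uint80 roundId, int256 answer, , uint256 updatedAt, uint80 answeredInRound) =
            ethUsdFeed.latestRoundData();

        // Check from the report: reject an answer carried over from an earlier round.
        require(answeredInRound >= roundId, "stale round");

        // Additional checks beyond the report (assumptions of this example):
        // the round must have completed, be recent enough, and carry a positive price.
        require(updatedAt != 0, "round incomplete");
        require(block.timestamp - updatedAt <= MAX_AGE, "price too old");
        require(answer > 0, "invalid price");

        return uint256(answer);
    }
}
```

Because the function reverts on a stale round, callers such as `liquidateDai()` and `liquidateEth()` never compute `amountOutMin` from an outdated price.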

fairside-core commented 3 years ago

Duplicate of #70