code-423n4 / 2021-05-fairside-findings


Should check return data from Chainlink aggregators #70

Open code423n4 opened 3 years ago

code423n4 commented 3 years ago

Handle

shw

Vulnerability details

Impact

The getEtherPrice function in the contract FSDNetwork fetches the ETH price from a Chainlink aggregator using the latestRoundData function. However, there are no checks on roundID nor timeStamp, resulting in stale prices.

Proof of Concept

Referenced code: FSDNetwork.sol#L376-L381

Recommended Mitigation Steps

Add checks on the return data with proper revert messages if the price is stale or the round is incomplete, for example:

(uint80 roundID, int256 price, , uint256 timeStamp, uint80 answeredInRound) = ETH_CHAINLINK.latestRoundData();
require(answeredInRound >= roundID, "...");
require(timeStamp != 0, "...");
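An added example (not the project's code and not the warden's snippet) of a hardened getEtherPrice that applies those checks plus a positive-price check and an age bound. The interface is a trimmed copy of Chainlink's AggregatorV3Interface; maxPriceAge is an assumed staleness bound that must be chosen per feed from its heartbeat.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Trimmed copy of Chainlink's AggregatorV3Interface (only what this example uses).
interface AggregatorV3Interface {
    function decimals() external view returns (uint8);
    function latestRoundData()
        external
        view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

contract SafeEtherPrice {
    AggregatorV3Interface public immutable ETH_CHAINLINK;
    // Assumed staleness bound: the feed's heartbeat plus a margin, set per feed at deployment.
    uint256 public immutable maxPriceAge;

    constructor(address feed, uint256 _maxPriceAge) {
        ETH_CHAINLINK = AggregatorV3Interface(feed);
        maxPriceAge = _maxPriceAge;
    }

    // Returns the ETH price scaled to 18 decimals, reverting on any sign of a stale or incomplete round.
    function getEtherPrice() public view returns (uint256) {
        (uint80 roundID, int256 price, , uint256 updatedAt, uint80 answeredInRound) =
            ETH_CHAINLINK.latestRoundData();

        // A zero or negative answer is never a valid ETH/USD price.
        require(price > 0, "Chainlink: invalid price");
        // The answer must come from this round or a later one; otherwise it is carried over from an old round.
        require(answeredInRound >= roundID, "Chainlink: stale round");
        // updatedAt == 0 means the round was started but never completed.
        require(updatedAt != 0, "Chainlink: round not complete");
        // Even a complete round can be too old; reject answers beyond the assumed heartbeat bound.
        require(block.timestamp - updatedAt <= maxPriceAge, "Chainlink: price too old");

        // Normalise the feed's own decimals (8 for ETH/USD) to 18.
        return uint256(price) * 1e18 / (10 ** ETH_CHAINLINK.decimals());
    }
}
```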

fairside-core commented 3 years ago

Fixed in PR#7.

cemozerr commented 3 years ago

Labeling this as medium risk as stale ether price could put funds at risk.