search

code-423n4 / 2021-06-tracer-findings

1 stars 0 forks source link

Use latestRoundData instead of latestAnswer #132

Closed code423n4 closed 3 years ago

code423n4 commented 3 years ago

Handle

a_delamo

Vulnerability details

Impact

Use latestRoundData instead of latestAnswer for chainlink Oracles in order to be able to run more validations like

(
            roundId,
            rawPrice,
            ,
            updateTime,
            answeredInRound
        ) = AggregatorV3Interface(source.source).latestRoundData();
        require(rawPrice > 0, "Chainlink price <= 0");
        require(updateTime != 0, "Incomplete round");
        require(answeredInRound >= roundId, "Stale price");

Proof of Concept

Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept.

Tools Used

Recommended Mitigation Steps

raymogg commented 3 years ago

Duplicate of #145

loudoguno commented 3 years ago

changed risk from 1 to 2 as per judges sheet