Open code423n4 opened 3 years ago
This was a tough one. I thought about it for a while, and after reviewing Chainlink data I ended up at the conclusion that this deserves medium risk. It's not uncommon for Chainlink prices to be above 1h old, and in times of big price movements, a 1h price lag can significantly influence the protocol.
Handle
a_delamo
Vulnerability details
On ExchangeRate.sol, we are using latestRoundData, but there are no validations that the data is not stale. The current code is:
But it is missing the checks to validate the data is stale.
More information: https://docs.chain.link/docs/faq/#how-can-i-check-if-the-answer-to-a-round-is-being-carried-over-from-a-previous-round
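The kind of validation the report says is missing, as an added example that is not code from the submission or from the project: a consumer that rejects carried-over and old answers before using them. The contract name `StalenessCheckedFeed`, the function `latestPrice` and the `maxAge` bound are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Chainlink's AggregatorV3Interface, reduced to the one function used here.
interface AggregatorV3Interface {
    function latestRoundData()
        external
        view
        returns (
            uint80 roundId,
            int256 answer,
            uint256 startedAt,
            uint256 updatedAt,
            uint80 answeredInRound
        );
}

// Hypothetical consumer for illustration; not the project's ExchangeRate.sol.
contract StalenessCheckedFeed {
    AggregatorV3Interface public immutable feed;
    // Assumed policy value: oldest acceptable answer, in seconds.
    uint256 public immutable maxAge;

    constructor(AggregatorV3Interface feed_, uint256 maxAge_) {
        feed = feed_;
        maxAge = maxAge_;
    }

    function latestPrice() external view returns (uint256) {
        (uint80 roundId, int256 answer, , uint256 updatedAt, uint80 answeredInRound) =
            feed.latestRoundData();

        // A round that has not completed reports updatedAt == 0.
        require(updatedAt != 0, "round not complete");
        // answeredInRound < roundId means the answer was carried over
        // from an earlier round.
        require(answeredInRound >= roundId, "stale: carried-over answer");
        // Reject answers older than the configured bound. A timestamp in the
        // future underflows here and reverts, which also fails closed.
        require(block.timestamp - updatedAt <= maxAge, "stale: too old");
        // A non-positive answer cannot be used as a price.
        require(answer > 0, "invalid answer");

        return uint256(answer);
    }
}
```

The `maxAge` value has to be chosen per feed from its published heartbeat; a bound tighter than the heartbeat makes the function revert during normal operation.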