Open code423n4 opened 10 months ago
121, 122, 123, 124, 51
latestAnswer() only returns the latest answer or zero, and thus there is no way to tell whether the value is stale or not. Use latestRoundData() instead, and check whether the latest timestamp is within your protocol's limits.
latestAnswer()
latestRoundData()
File: contracts/oracle/implementations/ARBTriCryptoOracle.sol 121: uint256 _btcPrice = uint256(BTC_FEED.latestAnswer()) * 1e10; 122: uint256 _wbtcPrice = uint256(WBTC_FEED.latestAnswer()) * 1e10; 123: uint256 _ethPrice = uint256(ETH_FEED.latestAnswer()) * 1e10; 124: uint256 _usdtPrice = uint256(USDT_FEED.latestAnswer()) * 1e10;
File: contracts/oracle/implementations/SGOracle.sol 51: uint256(UNDERLYING.latestAnswer())) / SG_POOL.totalSupply();
other
Lines of code
121, 122, 123, 124, 51
Vulnerability details
latestAnswer()only returns the latest answer or zero, and thus there is no way to tell whether the value is stale or not. UselatestRoundData()instead, and check whether the latest timestamp is within your protocol's limits.Assessed type
other