The contract Cvx3CrvOracle doesn't check that the data is fresh. It calls the method latestRoundData, which allows you to run some extra validations, but these validations were not made.
According to the chain.link documentation:
You can check answeredInRound against the current roundId. If answeredInRound is less than roundId, the answer is being carried over. If answeredInRound is equal to roundId, then the answer is fresh.
Handle
0x1f8b
Vulnerability details
Impact
Unsafe oracle call.
Proof of Concept
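The contract Cvx3CrvOracle doesn't check that the data is fresh. It calls the method latestRoundData, which allows you to run some extra validations, but these validations were not made.
According to the chain.link documentation:
You can check answeredInRound against the current roundId. If answeredInRound is less than roundId, the answer is being carried over. If answeredInRound is equal to roundId, then the answer is fresh.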
So it's required to check something like this:
Reference:
Tools Used
Manual review.
Recommended Mitigation Steps
Apply the mentioned changes.
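One way to apply the freshness rule quoted from the Chainlink documentation is shown below. This is an added example, not the code from the original report or from Cvx3CrvOracle. The contract name `CheckedFeedReader`, the `maxAge` parameter and the revert strings are hypothetical, and the `updatedAt`, age and sign checks go beyond the single `answeredInRound` rule the report cites.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Chainlink's aggregator interface, reduced to the one call used here.
interface AggregatorV3Interface {
    function latestRoundData()
        external
        view
        returns (
            uint80 roundId,
            int256 answer,
            uint256 startedAt,
            uint256 updatedAt,
            uint80 answeredInRound
        );
}

// Hypothetical wrapper for illustration; not the Cvx3CrvOracle source.
contract CheckedFeedReader {
    AggregatorV3Interface public immutable feed;
    // Assumption: longest acceptable age of an answer, in seconds,
    // chosen by the deployer for the specific feed.
    uint256 public immutable maxAge;

    constructor(AggregatorV3Interface feed_, uint256 maxAge_) {
        feed = feed_;
        maxAge = maxAge_;
    }

    function readPrice() external view returns (uint256) {
        (uint80 roundId, int256 answer, , uint256 updatedAt, uint80 answeredInRound) =
            feed.latestRoundData();

        // Rule from the quoted documentation: answeredInRound < roundId
        // means the answer is carried over from an earlier round.
        require(answeredInRound >= roundId, "Stale price: carried over");

        // Additional checks (assumptions, not stated in the report):
        // the round must be complete, recent, and strictly positive.
        require(updatedAt != 0, "Round not complete");
        require(block.timestamp - updatedAt <= maxAge, "Price too old");
        require(answer > 0, "Non-positive price");

        return uint256(answer);
    }
}
```

A caller that consumed the raw `answer` without these `require` statements would accept a carried-over value silently; with them, the read reverts.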