code-423n4 / 2022-01-yield-findings


Cvx3CrvOracle does not check that Chainlink data is fresh. #78

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Handle

TomFrenchBlockchain

Vulnerability details

Impact

Usage of stale prices when querying Chainlink oracles.

Proof of Concept

https://github.com/code-423n4/2022-01-yield/blob/e946f40239b33812e54fafc700eb2298df1a2579/contracts/Cvx3CrvOracle.sol#L115-L127

Cvx3CrvOracle queries Chainlink oracles for the prices of DAI, USDC and USDT; however, it doesn't require that the response is fresh by checking which round the answer was provided in.

See previous similar findings:

https://github.com/code-423n4/2021-12-perennial-findings/issues/24

https://github.com/code-423n4/2021-10-mochi-findings/issues/87

https://github.com/code-423n4/2021-04-maple-findings/issues/82

Also see this protection added elsewhere in yield protocol codebase as a result of a previous Code4rena finding: https://github.com/yieldprotocol/vault-v2/pull/187

Set as medium severity based on previous precedent. (Improper valuation of collateral for liquidation purposes could result in preventing liquidation of underwater vaults, however this requires an unlikely scenario of Chainlink being stale). Could also be argued as low based on Maple finding.

Recommended Mitigation Steps

Implement a similar protection on this function as done in vault-v2 codebase.
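
An added sketch of the round-freshness check described in this finding, next to an unchecked read. It is not part of the original report and is not code from Cvx3CrvOracle or vault-v2. The `FreshPrice` library, its function names, the revert strings and the `maxAge` parameter are assumptions. The `maxAge` bound goes beyond the round check the finding asks for.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Chainlink's aggregator interface, reduced to the one call used here.
interface AggregatorV3Interface {
    function latestRoundData()
        external
        view
        returns (
            uint80 roundId,
            int256 answer,
            uint256 startedAt,
            uint256 updatedAt,
            uint80 answeredInRound
        );
}

// Hypothetical helper library (assumption, not the project's code).
library FreshPrice {
    // Unchecked read: any answer is accepted, including one carried
    // over from an earlier round or a zero/negative value.
    function readUnchecked(AggregatorV3Interface feed) internal view returns (int256 answer) {
        (, answer, , , ) = feed.latestRoundData();
    }

    // Checked read. maxAge (seconds) is an assumed per-feed parameter
    // that the deployer sets from the feed's expected update interval.
    function readFresh(AggregatorV3Interface feed, uint256 maxAge) internal view returns (uint256) {
        (uint80 roundId, int256 answer, , uint256 updatedAt, uint80 answeredInRound) =
            feed.latestRoundData();

        require(answer > 0, "Chainlink price <= 0");
        require(updatedAt != 0, "Incomplete round");
        // The check the finding asks for: the answer must come from the current round.
        require(answeredInRound >= roundId, "Stale price");
        // Beyond the finding: also bound the answer's age in wall-clock time.
        // Reverts on underflow if updatedAt is in the future (Solidity 0.8 checked math).
        require(block.timestamp - updatedAt <= maxAge, "Price too old");

        return uint256(answer);
    }
}
```

Each of the DAI, USDC and USDT feeds would need its own call to the checked read, so that one stale feed reverts the whole valuation instead of silently contributing an old price.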

iamsahu commented 2 years ago

Duplicate of #136