Closed code423n4 closed 2 years ago
This is not an issue because the only reason the chainid is checked is to determine if the Chainlink token is needed. If we deploy this contract and Ethereum changes its chainid later, assuming the Chainlink token address stayed constant, which is the most likely outcome, there would be no impact.
Lines of code
https://github.com/code-423n4/2022-03-volt/blob/cec24b859c69d1397ce4048b6e9b8e96410b31dd/contracts/oracle/ScalingPriceOracle.sol#L85
Vulnerability details
Impact
During the code review, it has been observed that only the following chain IDs are supported for Chainlink (1 and 42 - https://github.com/code-423n4/2022-03-volt/blob/cec24b859c69d1397ce4048b6e9b8e96410b31dd/contracts/oracle/ScalingPriceOracle.sol#L84). The contracts are not upgradeable; therefore, if there is any hard fork or new chain support, the contract should be deployed again with the supported chain ID.
Proof of Concept
https://github.com/code-423n4/2022-03-volt/blob/cec24b859c69d1397ce4048b6e9b8e96410b31dd/contracts/oracle/ScalingPriceOracle.sol#L84
Tools Used
Code Review
Recommended Mitigation Steps
Ensure that the code is tamper-resistant when a hard fork or new chain is supported.