Closed code423n4 closed 2 years ago
Lines of code
https://github.com/code-423n4/2022-04-backd/blob/c856714a50437cb33240a5964b63687c9876275b/backd/contracts/oracles/ChainlinkUsdWrapper.sol#L64

Vulnerability details

Impact
In ChainlinkUsdWrapper.sol, latestRoundData() is used but none of the returned round fields are checked for staleness. The protocol can therefore consume a stale price; the Chainlink documentation recommends validating the round data precisely to avoid this.

Proof of Concept
oracles/ChainlinkUsdWrapper.sol#L64: check roundId, timestamp and answeredInRound.
oracles/ChainlinkOracleProvider.sol#L55: check roundId and answeredInRound.

Tools Used
Manual review

Recommended mitigation steps
Consider adding checks for stale data, e.g.:

```solidity
function _ethPrice() private view returns (int256) {
    // `timestamp` is the `updatedAt` field of latestRoundData()
    (uint80 roundId, int256 answer, , uint256 timestamp, uint80 answeredInRound) = _ethOracle.latestRoundData();
    require(answer > 0, "PRICE: NEGATIVE");
    require(answeredInRound >= roundId, "PRICE: STALE PRICE"); // @audit-info add stale check
    require(timestamp != 0, "PRICE: ROUND INCOMPLETE"); // @audit-info add round incomplete check
    return answer;
}
```
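As an added illustration (not part of the original report or the Backd code base): a wrapper that applies the three checks above and additionally bounds the age of `updatedAt` against a per-feed heartbeat, which is what catches a feed that has simply stopped updating. The contract names, the custom errors and the `maxStaleness` parameter are assumptions for this example; the interface is the subset of Chainlink's `AggregatorV3Interface` that the code actually calls, and `MockAggregator` is a constructed stand-in for exercising the checks locally.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Subset of Chainlink's AggregatorV3Interface; only the call used below.
interface AggregatorV3Interface {
    function latestRoundData()
        external
        view
        returns (
            uint80 roundId,
            int256 answer,
            uint256 startedAt,
            uint256 updatedAt,
            uint80 answeredInRound
        );
}

/// @notice Example wrapper that rejects non-positive, incomplete or stale rounds.
/// Not Backd code; `maxStaleness` and the error names are assumptions.
contract StalenessCheckedFeed {
    AggregatorV3Interface public immutable feed;
    /// Seconds after which a round is treated as stale. Set per feed, somewhat
    /// above that feed's heartbeat: below it the wrapper reverts during every
    /// quiet period, far above it the check no longer catches a dead feed.
    uint256 public immutable maxStaleness;

    error NonPositivePrice(int256 answer);
    error IncompleteRound(uint80 roundId);
    error StaleRound(uint80 roundId, uint80 answeredInRound);
    error StalePrice(uint256 updatedAt, uint256 nowTs);

    constructor(AggregatorV3Interface feed_, uint256 maxStaleness_) {
        feed = feed_;
        maxStaleness = maxStaleness_;
    }

    function price() external view returns (int256) {
        (uint80 roundId, int256 answer, , uint256 updatedAt, uint80 answeredInRound) =
            feed.latestRoundData();

        // 1. answer is int256; zero or negative is never a usable price.
        if (answer <= 0) revert NonPositivePrice(answer);
        // 2. updatedAt == 0 means the round was started but never completed.
        if (updatedAt == 0) revert IncompleteRound(roundId);
        // 3. The answer was produced in an earlier round than the one reported.
        if (answeredInRound < roundId) revert StaleRound(roundId, answeredInRound);
        // 4. A complete round can still be old if the feed stopped updating.
        //    Guard against a future timestamp too, so the subtraction cannot revert
        //    with an arithmetic panic instead of a descriptive error.
        if (updatedAt > block.timestamp || block.timestamp - updatedAt > maxStaleness) {
            revert StalePrice(updatedAt, block.timestamp);
        }

        return answer;
    }
}

/// @dev Constructed mock for exercising the checks; not a real Chainlink feed.
contract MockAggregator is AggregatorV3Interface {
    uint80 public roundId;
    int256 public answer;
    uint256 public updatedAt;
    uint80 public answeredInRound;

    function set(uint80 roundId_, int256 answer_, uint256 updatedAt_, uint80 answeredInRound_) external {
        roundId = roundId_;
        answer = answer_;
        updatedAt = updatedAt_;
        answeredInRound = answeredInRound_;
    }

    function latestRoundData()
        external
        view
        returns (uint80, int256, uint256, uint256, uint80)
    {
        // startedAt is reported equal to updatedAt; it is not used by the wrapper.
        return (roundId, answer, updatedAt, updatedAt, answeredInRound);
    }
}
```

To exercise it, deploy `MockAggregator`, wrap it in `StalenessCheckedFeed` with a `maxStaleness` of, say, 3600 seconds, and call `price()` after each of: `set(10, 3000e8, block.timestamp, 10)` (returns the answer), `set(10, 3000e8, block.timestamp, 9)` (reverts `StaleRound`), `set(10, 3000e8, 0, 10)` (reverts `IncompleteRound`), `set(10, 3000e8, block.timestamp - 7200, 10)` (reverts `StalePrice`) and `set(10, 0, block.timestamp, 10)` (reverts `NonPositivePrice`). One caveat a practitioner should know: current Chainlink documentation marks `answeredInRound` as deprecated for OCR feeds, so check 3 is cheap to keep but check 4, the age bound, is the one that carries the weight today.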
Duplicate of #17