code-423n4 / 2022-04-backd-findings


Oracle price could not be fresh #155

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Lines of code

https://github.com/code-423n4/2022-04-backd/blob/c856714a50437cb33240a5964b63687c9876275b/backd/contracts/oracles/ChainlinkOracleProvider.sol#L55

Vulnerability details

Vulnerability

On ChainlinkOracleProvider.sol#L55, we are using latestRoundData, but there are no validations that the data is not stale.

The current code is:

(, int256 answer, , uint256 updatedAt, ) = AggregatorV2V3Interface(feed).latestRoundData();

But it is missing the checks to validate whether the data is stale:

(uint80 round, int256 answer, , uint256 updatedAt, uint80 answeredInRound) = AggregatorV2V3Interface(feed).latestRoundData();
require(answeredInRound >= round, "Stale price");

This could affect all the logic, including funds.
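The staleness checks the report asks for, carried through as an added example that is not part of the original issue or of the Backd codebase; the `AggregatorV3Interface` subset, the `MAX_PRICE_AGE` window and the contract name are assumptions chosen for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Minimal subset of Chainlink's AggregatorV3Interface, declared inline here
// (assumed; the real interface ships in @chainlink/contracts).
interface AggregatorV3Interface {
    function latestRoundData()
        external
        view
        returns (
            uint80 roundId,
            int256 answer,
            uint256 startedAt,
            uint256 updatedAt,
            uint80 answeredInRound
        );
}

/// @notice Illustrative reader (added example, not Backd's ChainlinkOracleProvider).
contract SafeChainlinkReader {
    /// Maximum accepted age of a price. Constructed value; in practice set it
    /// per feed from the feed's documented heartbeat plus a small margin.
    uint256 public constant MAX_PRICE_AGE = 1 hours;

    /// @dev Reads the latest price and rejects stale, unfinalized or invalid answers.
    function getPrice(address feed) external view returns (uint256 price) {
        (uint80 roundId, int256 answer, , uint256 updatedAt, uint80 answeredInRound) =
            AggregatorV3Interface(feed).latestRoundData();

        // Round must be complete: answeredInRound lags roundId when a new round
        // has started but no answer has been delivered for it yet.
        require(answeredInRound >= roundId, "Stale price: round not complete");
        // updatedAt == 0 means the round carries no finalized answer at all.
        require(updatedAt != 0, "Stale price: round not finalized");
        // Reject answers older than the accepted heartbeat window.
        require(block.timestamp - updatedAt <= MAX_PRICE_AGE, "Stale price: too old");
        // Chainlink answers are signed; a non-positive value is not a usable price.
        require(answer > 0, "Invalid price");

        price = uint256(answer);
    }
}
```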

chase-manning commented 2 years ago

Duplicate of #17