code-423n4 / 2022-04-phuture-findings


`basePrice` and `quotePrice` values are insufficiently validated #60

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Lines of code

https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/ChainlinkPriceOracle.sol#L83-L84

Vulnerability details

Impact

The oracle data feed (basePrice and quotePrice) in refreshedAssetPerBaseInUQ() of ChainlinkPriceOracle.sol will be stale, which results in wrong basePrice and quotePrice values.

Proof of Concept

In the refreshedAssetPerBaseInUQ() function, it calls latestRoundData() and only uses basePrice and quotePrice, but it doesn't check for a stale price or round.

Tools Used

vim, ganache-cli

Recommended Mitigation Steps

Check the round and update time:

```solidity
// Take the full latestRoundData() tuple instead of only the price,
// then reject an unfinished or stale round before using the value.
(
    uint80 roundId,
    int256 price,
    uint256 startedAt,
    uint256 updatedAt,
    uint80 answeredInRound
) = aggregator.latestRoundData();
require(price > 0, "Invalid price");
require(updatedAt != 0, "Invalid updatedAt");
require(answeredInRound >= roundId, "Stale price");
```
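As an added example (not the Phuture contract and not code from this issue), a hypothetical oracle wrapper that applies the checks above to both feeds and additionally rejects a price older than a configured maximum age, since a feed whose aggregator has simply stopped updating passes the round checks alone; the contract name, `maxPriceAge` and the 1e18-scaled ratio are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Minimal Chainlink aggregator interface: only the calls used below.
interface AggregatorV3Interface {
    function decimals() external view returns (uint8);
    function latestRoundData()
        external
        view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

// Hypothetical wrapper (assumption: not the Phuture ChainlinkPriceOracle).
contract ValidatedChainlinkOracle {
    // Longest acceptable gap since the last update, e.g. feed heartbeat plus a margin.
    uint256 public immutable maxPriceAge;

    constructor(uint256 _maxPriceAge) {
        maxPriceAge = _maxPriceAge;
    }

    // Reads one feed and reverts on a non-positive answer, an incomplete round,
    // a round answered before it was requested, or an answer older than maxPriceAge.
    function _validatedPrice(AggregatorV3Interface feed) internal view returns (uint256) {
        (uint80 roundId, int256 answer, , uint256 updatedAt, uint80 answeredInRound) = feed.latestRoundData();
        require(answer > 0, "Invalid price");
        require(updatedAt != 0, "Round not complete");
        require(answeredInRound >= roundId, "Stale price");
        require(block.timestamp - updatedAt <= maxPriceAge, "Price too old");
        return uint256(answer);
    }

    // Ratio of two validated feeds scaled to 1e18 (assumed scale, not Phuture's UQ112x112).
    // Assumes both feeds use at most 18 decimals, as Chainlink feeds do (8 or 18).
    function assetPerBase(AggregatorV3Interface baseFeed, AggregatorV3Interface quoteFeed)
        external
        view
        returns (uint256)
    {
        uint256 basePrice = _validatedPrice(baseFeed) * 10 ** (18 - baseFeed.decimals());
        uint256 quotePrice = _validatedPrice(quoteFeed) * 10 ** (18 - quoteFeed.decimals());
        return (basePrice * 1e18) / quotePrice;
    }
}
```

Each Chainlink feed publishes its own heartbeat, so `maxPriceAge` should be set per feed pair rather than to one global value.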
olivermehr commented 2 years ago

duplicate of issue #1