Closed code423n4 closed 2 years ago
Lines of code
https://github.com/code-423n4/2022-04-phuture/blob/594459d0865fb6603ba388b53f3f01648f5bb6fb/contracts/ChainlinkPriceOracle.sol#L83-L86
Vulnerability details
Impact
The price can be stale, which can lead to a wrong assetPerBaseInUQ return value.
Proof of Concept
The oracle data feed is insufficiently validated: there is no check for a stale price or for round completeness.
Tools Used
Manual review; a similar issue was found in the Yield contest - https://github.com/code-423n4/2022-01-yield-findings/issues/136
Recommended Mitigation Steps
Validate the data feed:
```solidity
// Base feed: reject non-positive answers, rounds answered in an older round, and incomplete rounds.
(uint80 roundID, int256 basePrice, , uint256 timestamp, uint80 answeredInRound) = baseAggregator.latestRoundData();
require(basePrice > 0, "ChainLink: Base price <= 0");
require(answeredInRound >= roundID, "ChainLink: Stale price");
require(timestamp > 0, "ChainLink: Round not complete");
// Quote feed: same checks. Fresh variables are declared because Solidity does not allow
// mixing declarations and assignments in one tuple destructuring.
(uint80 quoteRoundID, int256 quotePrice, , uint256 quoteTimestamp, uint80 quoteAnsweredInRound) = assetInfo.aggregator.latestRoundData();
require(quotePrice > 0, "ChainLink: Quote price <= 0");
require(quoteAnsweredInRound >= quoteRoundID, "ChainLink: Stale price");
require(quoteTimestamp > 0, "ChainLink: Round not complete");
```
Duplicate of issue #1
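The following is an added, self-contained illustration of the validation described in this finding; it is not Phuture's code and does not reproduce assetPerBaseInUQ. Beyond the three checks in the recommended mitigation (positive answer, completed round, answeredInRound not behind roundId), it adds a per-feed heartbeat bound (the assumed `maxAge` parameter), which catches a feed that has simply stopped updating, a case the round-based checks alone do not detect. The `IAggregatorV3` interface mirrors the `latestRoundData`/`decimals` signatures of Chainlink's AggregatorV3Interface; `MockAggregator` and its sample values are constructed here so the reader can deploy and exercise the validation offline.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Subset of Chainlink's AggregatorV3Interface used by the reader below.
interface IAggregatorV3 {
    function decimals() external view returns (uint8);
    function latestRoundData()
        external
        view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

/// @notice Illustrative reader that only accepts a feed answer after validating it.
contract ValidatedFeedReader {
    error NonPositivePrice(int256 answer);
    error IncompleteRound(uint80 roundId);
    error StaleRound(uint80 roundId, uint80 answeredInRound);
    error StalePrice(uint256 updatedAt, uint256 maxAge);

    /// @dev Validated answer and its decimals. `maxAge` is an assumed per-feed heartbeat bound
    ///      (e.g. 3600 for a feed that is expected to update at least hourly).
    function readPrice(IAggregatorV3 feed, uint256 maxAge) public view returns (uint256 price, uint8 dec) {
        (uint80 roundId, int256 answer, , uint256 updatedAt, uint80 answeredInRound) = feed.latestRoundData();
        if (answer <= 0) revert NonPositivePrice(answer);            // negative/zero answer
        if (updatedAt == 0) revert IncompleteRound(roundId);         // round not complete
        if (answeredInRound < roundId) revert StaleRound(roundId, answeredInRound); // answer from an older round
        // Heartbeat check: also rejects a future timestamp, which would otherwise underflow.
        if (updatedAt > block.timestamp || block.timestamp - updatedAt > maxAge) {
            revert StalePrice(updatedAt, maxAge);
        }
        return (uint256(answer), feed.decimals());
    }

    /// @dev base/quote ratio scaled to 1e18, computed from two independently validated feeds.
    function baseOverQuote(IAggregatorV3 baseFeed, IAggregatorV3 quoteFeed, uint256 maxAge)
        external
        view
        returns (uint256)
    {
        (uint256 basePrice, uint8 baseDec) = readPrice(baseFeed, maxAge);
        (uint256 quotePrice, uint8 quoteDec) = readPrice(quoteFeed, maxAge);
        // (basePrice / 10^baseDec) / (quotePrice / 10^quoteDec) * 1e18
        return (basePrice * 10 ** (18 + uint256(quoteDec))) / (quotePrice * 10 ** uint256(baseDec));
    }
}

/// @notice Constructed test double: lets a deployer set each field to exercise every revert path.
contract MockAggregator is IAggregatorV3 {
    uint8 public override decimals = 8;
    uint80 public roundId = 10;
    int256 public answer = 2000e8;          // constructed: 2000.00000000
    uint256 public updatedAt;
    uint80 public answeredInRound = 10;

    constructor() { updatedAt = block.timestamp; }

    function set(uint80 r, int256 a, uint256 u, uint80 air) external {
        roundId = r; answer = a; updatedAt = u; answeredInRound = air;
    }

    function latestRoundData()
        external
        view
        override
        returns (uint80, int256, uint256, uint256, uint80)
    {
        return (roundId, answer, updatedAt, updatedAt, answeredInRound);
    }
}
```

Setting `answeredInRound` to 9 with `roundId` 10, `updatedAt` to 0, or `updatedAt` to a value more than `maxAge` seconds in the past each makes `readPrice` revert with a distinct error, which is what the original `latestRoundData` call at L83-L86 never does. Note that Chainlink's current documentation marks `answeredInRound` as deprecated for OCR feeds, so in practice the `updatedAt` heartbeat bound is the check that carries the staleness protection.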