Closed code423n4 closed 2 years ago
Duplicate of #1
Lines of code
https://github.com/bunkerfinance/bunker-protocol/blob/752126094691e7457d08fc62a6a5006df59bd2fe/contracts/PriceOracleImplementation.sol#L29
Vulnerability details
Impact
In the function getUnderlyingPrice(), Chainlink's latestAnswer() is used. This function is deprecated and should not be used, as it returns 0 when there is no data rather than giving an error.
A precedent for this issue can be found at https://github.com/code-423n4/2021-06-tracer-findings/issues/145
Proof of Concept
https://github.com/bunkerfinance/bunker-protocol/blob/752126094691e7457d08fc62a6a5006df59bd2fe/contracts/PriceOracleImplementation.sol#L29
Tools Used
Manual code review
Recommended Mitigation Steps
Use latestRoundData instead.