function getPriceFromChainlink(address _tokenAddress) public view returns (uint256) {
    AggregatorV3Interface aggregator = aggregators[_tokenAddress];
    if (address(aggregator) != address(0)) {
        (, int256 answer, , , ) = aggregator.latestRoundData();
        // It's fine for price to be 0. We have two price feeds.
        if (answer == 0) {
            return 0;
        }
        // Extend the decimals to 1e18.
        uint256 retVal = uint256(answer);
        uint256 price = retVal.mul(10**(18 - uint256(aggregator.decimals())));
        return price;
    }
    return 0;
}
On ConnextPriceOracle.sol, we are using latestRoundData, but there is no check if the return value indicates stale data. This could lead to stale prices according to the Chainlink documentation:
Chainlink's latestRoundData might return stale or incorrect results
Lines of code
https://github.com/code-423n4/2022-06-connext/blob/b4532655071566b33c41eac46e75be29b4a381ed/contracts/contracts/core/connext/helpers/ConnextPriceOracle.sol#L122-L140
Vulnerability details
On ConnextPriceOracle.sol, we are using latestRoundData, but there is no check if the return value indicates stale data. This could lead to stale prices according to the Chainlink documentation:
Recommendation
Consider adding missing checks for stale data.
For example:
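The following is an added example, not code from the original report or from the Connext repository: one way to write the function so that it reads the round metadata from latestRoundData and returns 0 on stale or incomplete data, which preserves the original fallback to the second price feed. The contract name PriceOracleSketch and the MAX_PRICE_AGE constant are assumptions; the bound should be chosen from the heartbeat of the feed in use.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Minimal subset of Chainlink's AggregatorV3Interface used below.
interface AggregatorV3Interface {
    function decimals() external view returns (uint8);
    function latestRoundData() external view returns (
        uint80 roundId,
        int256 answer,
        uint256 startedAt,
        uint256 updatedAt,
        uint80 answeredInRound
    );
}

// Hypothetical contract name; only the price lookup is shown.
contract PriceOracleSketch {
    // Assumed staleness bound, not taken from the report.
    uint256 public constant MAX_PRICE_AGE = 1 hours;

    // Populated elsewhere, as in the original contract (setter omitted here).
    mapping(address => AggregatorV3Interface) public aggregators;

    function getPriceFromChainlink(address _tokenAddress) public view returns (uint256) {
        AggregatorV3Interface aggregator = aggregators[_tokenAddress];
        if (address(aggregator) == address(0)) {
            return 0;
        }
        (uint80 roundId, int256 answer, , uint256 updatedAt, uint80 answeredInRound) =
            aggregator.latestRoundData();

        // A zero or negative answer is unusable; this also guards the uint256 cast.
        if (answer <= 0) return 0;
        // updatedAt == 0 means the round has not completed.
        if (updatedAt == 0) return 0;
        // The answer was computed in an earlier round and carried over.
        if (answeredInRound < roundId) return 0;
        // Reject timestamps from the future and answers older than the bound.
        if (updatedAt > block.timestamp || block.timestamp - updatedAt > MAX_PRICE_AGE) return 0;

        // Extend the decimals to 1e18 (checked arithmetic in Solidity 0.8).
        return uint256(answer) * 10 ** (18 - uint256(aggregator.decimals()));
    }
}
```

Returning 0 instead of reverting keeps the behaviour the original comment relies on ("We have two price feeds"); a caller with no second feed would want a require with an explicit error message instead.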