Closed code423n4 closed 2 years ago
## Lines of code

https://github.com/code-423n4/2022-08-frax/blob/main/src/contracts/FraxlendPairCore.sol#L524
https://github.com/code-423n4/2022-08-frax/blob/main/src/contracts/FraxlendPairCore.sol#L532

## Vulnerability details

### Impact

On ChainlinkPriceOracle.sol, we are using `latestRoundData`, but there is no check whether the returned values indicate stale data.

### Proof of Concept

File: contracts/FraxlendPairCore.sol

```solidity
// FraxlendPairCore.sol#L524: only the answer is read; roundId, updatedAt and
// answeredInRound are discarded, so a carried-over or outdated answer is accepted.
(, int256 _answer, , , ) = AggregatorV3Interface(oracleMultiply).latestRoundData();
```

https://github.com/code-423n4/2022-08-frax/blob/main/src/contracts/FraxlendPairCore.sol#L524

```solidity
// FraxlendPairCore.sol#L532: same pattern for the divide oracle.
(, int256 _answer, , , ) = AggregatorV3Interface(oracleDivide).latestRoundData();
```

https://github.com/code-423n4/2022-08-frax/blob/main/src/contracts/FraxlendPairCore.sol#L532

This could lead to stale prices according to the Chainlink documentation:

- https://docs.chain.link/docs/historical-price-data/#historical-rounds
- https://docs.chain.link/docs/faq/#how-can-i-check-if-the-answer-to-a-round-is-being-carried-over-from-a-previous-round

This has been raised in previous contests, e.g. https://code4rena.com/reports/2022-04-phuture/#m-02-chainlinks-latestrounddata-might-return-stale-or-incorrect-results

### Tools Used

github

### Recommended Mitigation Steps

Consider adding the missing checks for stale data.
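As an added illustration of the recommended checks (this is example code written for this page, not code from the Fraxlend repository or from the report author), the library below wraps `latestRoundData` and reverts on the conditions the linked Chainlink documentation describes: a round that never completed, an answer carried over from an earlier round, an answer older than a caller-supplied maximum age, and a non-positive price. The library name `SafeChainlink`, the error names and the `maxAge` parameter are assumptions chosen for this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Example only; mirrors the Chainlink AggregatorV3Interface signature.
interface AggregatorV3Interface {
    function decimals() external view returns (uint8);
    function latestRoundData()
        external
        view
        returns (
            uint80 roundId,
            int256 answer,
            uint256 startedAt,
            uint256 updatedAt,
            uint80 answeredInRound
        );
}

// Assumed helper library (not part of the audited code base).
library SafeChainlink {
    error IncompleteRound(uint80 roundId);
    error StalePrice(uint80 roundId, uint80 answeredInRound);
    error OutdatedPrice(uint256 updatedAt, uint256 maxAge);
    error InvalidPrice(int256 answer);

    /// @notice Read the latest feed answer and revert unless it is fresh.
    /// @param feed   The Chainlink aggregator to read.
    /// @param maxAge Maximum accepted age in seconds; pick it per feed from the
    ///               feed's heartbeat plus some slack (an assumption the caller makes).
    function getFreshPrice(AggregatorV3Interface feed, uint256 maxAge)
        internal
        view
        returns (uint256 price)
    {
        (
            uint80 roundId,
            int256 answer,
            ,
            uint256 updatedAt,
            uint80 answeredInRound
        ) = feed.latestRoundData();

        // updatedAt stays 0 until the round has actually been answered.
        if (updatedAt == 0) revert IncompleteRound(roundId);
        // The answer was carried over from a previous round.
        if (answeredInRound < roundId) revert StalePrice(roundId, answeredInRound);
        // The feed has not updated within the expected window.
        if (block.timestamp - updatedAt > maxAge) revert OutdatedPrice(updatedAt, maxAge);
        // A zero or negative price is never a valid collateral/asset price.
        if (answer <= 0) revert InvalidPrice(answer);

        price = uint256(answer);
    }
}

// Sketch of how the two reads at FraxlendPairCore.sol#L524 and #L532 would
// change; `maxOracleDelay` is an assumed configuration value.
contract OracleConsumerExample {
    using SafeChainlink for AggregatorV3Interface;

    address public immutable oracleMultiply;
    address public immutable oracleDivide;
    uint256 public immutable maxOracleDelay;

    constructor(address _oracleMultiply, address _oracleDivide, uint256 _maxOracleDelay) {
        oracleMultiply = _oracleMultiply;
        oracleDivide = _oracleDivide;
        maxOracleDelay = _maxOracleDelay;
    }

    function readOracles() external view returns (uint256 multiplyPrice, uint256 dividePrice) {
        if (oracleMultiply != address(0)) {
            multiplyPrice = AggregatorV3Interface(oracleMultiply).getFreshPrice(maxOracleDelay);
        }
        if (oracleDivide != address(0)) {
            dividePrice = AggregatorV3Interface(oracleDivide).getFreshPrice(maxOracleDelay);
        }
    }
}
```

Reverting rather than silently using the last value is the conservative choice for a lending pair: a stale price that passes through can mis-value collateral on both the borrow and the liquidation path. One caveat when applying this: Chainlink's current feed documentation marks `answeredInRound` as deprecated for newer feeds, so the `updatedAt` age window is the check to rely on, and the round-comparison check should be treated as an extra guard rather than the primary one.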
This is part of the 'Known issues' (AKA out of scope):

> Chainlink oracles can provide outdated answers
Out of scope part of known issues
Duplicate of #179