code-423n4 / 2022-10-inverse-findings


`Oracle.sol` uses deprecated Chainlink method `latestAnswer()` #565

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2022-10-inverse/blob/cc281e5800d5860c816138980f08b84225e430fe/src/Oracle.sol#L82
https://github.com/code-423n4/2022-10-inverse/blob/cc281e5800d5860c816138980f08b84225e430fe/src/Oracle.sol#L116

Vulnerability details

Proof of Concept

Chainlink has marked the `latestAnswer()` method as **deprecated** for its price feeds, but the code is still using it.

Impact

The `latestAnswer()` method just returns the price and gives no way to check whether it is stale. If the project uses a stale price, it can result in miscalculations of the collateral price and in value stolen from the protocol.

Recommendation

Use the `latestRoundData` function to get the price instead. Add checks on the returned data with proper revert messages if the price is stale or the round is incomplete, for example:

```solidity
// latestRoundData() returns round metadata alongside the answer, unlike latestAnswer()
(uint80 roundID, int256 price, , uint256 timeStamp, uint80 answeredInRound) = feed.latestRoundData();
// the answer must come from the current round, not a carried-over earlier one
require(answeredInRound >= roundID, "...");
// a zero timestamp means the round never completed
require(timeStamp != 0, "...");
```
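The two reads side by side, as an added example that is not code from the finding or from the Inverse Finance repository: the deprecated `latestAnswer()` pattern the finding flags, beside a hardened `latestRoundData()` read. It goes a step beyond the snippet above by also bounding the age of the answer against a deployer-chosen `maxAge` and rejecting non-positive prices. The contract name, the `maxAge` parameter and the error names are assumptions made for this illustration; the two Chainlink interface fragments are the real `latestAnswer()` / `latestRoundData()` signatures.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Chainlink's legacy aggregator interface: latestAnswer() returns only the price,
// with no round id or timestamp to judge freshness.
interface AggregatorInterface {
    function latestAnswer() external view returns (int256);
}

// Chainlink's v3 interface: latestRoundData() also returns the round metadata.
interface AggregatorV3Interface {
    function decimals() external view returns (uint8);
    function latestRoundData()
        external
        view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

/// @notice Added example, not Inverse Finance code. `maxAge` is a hypothetical
///         per-feed tolerance the deployer sets slightly above the feed's heartbeat.
contract CheckedChainlinkReader {
    error IncompleteRound(uint80 roundId, uint80 answeredInRound);
    error StalePrice(uint256 updatedAt, uint256 maxAge);
    error InvalidPrice(int256 answer);

    AggregatorV3Interface public immutable feed;
    uint256 public immutable maxAge; // seconds

    constructor(address feed_, uint256 maxAge_) {
        feed = AggregatorV3Interface(feed_);
        maxAge = maxAge_;
    }

    /// @dev The pattern the finding flags: nothing here can detect a stale answer.
    function getPriceUnchecked() external view returns (uint256) {
        int256 answer = AggregatorInterface(address(feed)).latestAnswer();
        // Silently accepts 0, a negative value (which wraps to a huge uint) and stale data.
        return uint256(answer);
    }

    /// @dev Hardened read: reverts on an incomplete round, a stale or missing
    ///      timestamp, or a zero/negative answer.
    function getPriceChecked() external view returns (uint256 price, uint8 priceDecimals) {
        (uint80 roundId, int256 answer, , uint256 updatedAt, uint80 answeredInRound) = feed.latestRoundData();

        // Answer must belong to the current round, not be carried over from an earlier one.
        if (answeredInRound < roundId) revert IncompleteRound(roundId, answeredInRound);
        // updatedAt == 0 means the round never completed; an old updatedAt means the
        // feed stopped updating. (If updatedAt > block.timestamp the subtraction
        // reverts under 0.8 checked arithmetic, which is also the safe outcome.)
        if (updatedAt == 0 || block.timestamp - updatedAt > maxAge) revert StalePrice(updatedAt, maxAge);
        // A price of zero or below is never a valid collateral price.
        if (answer <= 0) revert InvalidPrice(answer);

        return (uint256(answer), feed.decimals());
    }
}
```

Of the three checks, the `maxAge` comparison against `updatedAt` is the one that actually bounds how old an accepted price can be; the `answeredInRound` and `updatedAt != 0` checks recommended above catch incomplete rounds but would still pass a round that completed long ago. Pick `maxAge` per feed, since Chainlink heartbeats differ between asset pairs.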
neumoxx commented 1 year ago

Duplicate of #601

c4-judge commented 1 year ago

0xean marked the issue as duplicate

Simon-Busch commented 1 year ago

Issue marked as satisfactory as requested by 0xean

c4-judge commented 1 year ago

Simon-Busch marked the issue as duplicate of #584