code-423n4 / 2022-12-tigris-findings


[NAZ-M8] Use Of Deprecated Chainlink Function `latestAnswer` #594

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2022-12-tigris/blob/main/contracts/utils/TradingLibrary.sol#L113

Vulnerability details

Impact

ParaSpaceOracle should use the latestRoundData() function and not the deprecated Chainlink function latestAnswer.

Proof of Concept

Such functions might suddenly stop working if Chainlink stops supporting deprecated APIs.

This API is deprecated. Please see API Reference for the latest Price Feed API. Chainlink Doc

Tools Used

Manual Review

Recommended Mitigation Steps

Use the latestRoundData function to get the price instead. Add checks on the return data with proper revert messages if the price is stale or the round is uncompleted.
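One way to apply the checks recommended in the report above, as an added example that is not from the report or from the Tigris code base. The contract name `CheckedPriceReader`, the `MAX_PRICE_AGE` value and the error names are assumptions; the interface is a minimal inline subset of Chainlink's `AggregatorV3Interface`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Minimal subset of Chainlink's AggregatorV3Interface, declared inline
// so the example compiles on its own.
interface AggregatorV3Interface {
    function decimals() external view returns (uint8);

    function latestRoundData()
        external
        view
        returns (
            uint80 roundId,
            int256 answer,
            uint256 startedAt,
            uint256 updatedAt,
            uint80 answeredInRound
        );
}

// Hypothetical consumer contract (name, constant and errors are assumptions).
contract CheckedPriceReader {
    // Assumed maximum accepted age of a price; choose it from the feed's heartbeat.
    uint256 public constant MAX_PRICE_AGE = 1 hours;

    error RoundNotComplete();
    error InvalidPrice(int256 answer);
    error StaleRound(uint80 roundId, uint80 answeredInRound);
    error StalePrice(uint256 updatedAt);

    // Reads the latest price and reverts with a specific error instead of
    // returning a value the caller cannot trust.
    function readPrice(AggregatorV3Interface feed)
        public
        view
        returns (uint256 price, uint8 feedDecimals)
    {
        (uint80 roundId, int256 answer, , uint256 updatedAt, uint80 answeredInRound) =
            feed.latestRoundData();

        // updatedAt == 0 means the round has not been completed yet.
        if (updatedAt == 0) revert RoundNotComplete();
        // A zero or negative answer is not a usable price.
        if (answer <= 0) revert InvalidPrice(answer);
        // The answer was computed in an earlier round and carried over.
        if (answeredInRound < roundId) revert StaleRound(roundId, answeredInRound);
        // The answer is older than the accepted window.
        if (block.timestamp - updatedAt > MAX_PRICE_AGE) revert StalePrice(updatedAt);

        return (uint256(answer), feed.decimals());
    }
}
```

Unlike `latestAnswer`, which returns only the `int256` answer, this call exposes the round and timestamp fields that the staleness and completeness checks depend on.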

GalloDaSballo commented 1 year ago

Cmooooooooooooooon

c4-judge commented 1 year ago

GalloDaSballo marked the issue as duplicate of #316

c4-judge commented 1 year ago

GalloDaSballo marked the issue as not a duplicate

c4-judge commented 1 year ago

GalloDaSballo marked the issue as duplicate of #655

c4-judge commented 1 year ago

GalloDaSballo marked the issue as not a duplicate

GalloDaSballo commented 1 year ago

L

c4-judge commented 1 year ago

Duplicate of https://github.com/code-423n4/2022-12-tigris-findings/issues/572

c4-judge commented 1 year ago

GalloDaSballo marked the issue as grade-b

Simon-Busch commented 1 year ago

Removed duplicate tag as requested by @GalloDaSballo

c4-judge commented 1 year ago

GalloDaSballo marked the issue as grade-c