elmutt
commented
1 year ago thanks
Closed code423n4 closed 1 year ago
elmutt
commented
1 year ago thanks
c4-judge
commented
1 year ago Picodes marked the issue as nullified
Picodes
commented
1 year ago Nullifying as the issue is the same as https://github.com/code-423n4/2023-05-asymmetry-mitigation-findings/issues/73
[H-02, H-05, H-06, H-08] mitigation error: No sanity check on Chainlink price feed
https://github.com/asymmetryfinance/smart-contracts/blob/ec582149ae9733eed6b11089cd92ca72ee5425d6/contracts/SafEth/derivatives/Reth.sol#L176-L177 https://github.com/asymmetryfinance/smart-contracts/blob/ec582149ae9733eed6b11089cd92ca72ee5425d6/contracts/SafEth/derivatives/WstEth.sol#L107-L108
Description and recommendation
The mitigation of issues H-02, H-05, H06 and H-08 have introduced a Chainlink price feed. In all of those instances there are no sanity checks on the Chainlink return data, especially that it is not stale. Here is an overview on this matter and how to deal with it.