toshiSat
commented
1 year ago 👏
Closed code423n4 closed 1 year ago
toshiSat
commented
1 year ago 👏
c4-judge
commented
1 year ago Picodes marked the issue as nullified
c4-judge
commented
1 year ago Picodes marked the issue as not nullified
c4-judge
commented
1 year ago Picodes marked the issue as duplicate of #60
[H-02, H-05, H-06, H-08] mitigation error: No sanity check on Chainlink price feed
https://github.com/asymmetryfinance/smart-contracts/blob/ec582149ae9733eed6b11089cd92ca72ee5425d6/contracts/SafEth/derivatives/Reth.sol#L176-L177 https://github.com/asymmetryfinance/smart-contracts/blob/ec582149ae9733eed6b11089cd92ca72ee5425d6/contracts/SafEth/derivatives/WstEth.sol#L107-L108
Description and recommendation
The mitigation of issues H-02, H-05, H06 and H-08 have introduced a Chainlink price feed. In all of those instances there are no sanity checks on the Chainlink return data, especially that it is not stale. Here is an overview on this matter and how to deal with it.