the check for the `roundId == answeredInRound` should be set to `>=` in the `ChainlinkCompositeOracle.sol#getPriceAndDecimals`

[code423n4]

Lines of code

https://github.com/code-423n4/2023-07-moonwell/blob/fced18035107a345c31c9a9497d0da09105df4df/src/core/Oracles/ChainlinkCompositeOracle.sol#L190

Vulnerability details

Impact

the function getPriceAndDecimals have check that it check if the round id is equal to the answer in round ID. this check should be change to >= because some roundID may get the data/answers in the round that is more than the roundId and this case is possible in chainlink oracle as most of protocol set the check to answeredInRound >= roundId

Proof of Concept

the function getPriceAndDecimals checks for the answer round id like this:

function getPriceAndDecimals(
        address oracleAddress
    ) public view returns (int256, uint8) {
        (
            uint80 roundId,
            int256 price,
            ,
            ,
            uint80 answeredInRound
        ) = AggregatorV3Interface(oracleAddress).latestRoundData();
        bool valid = price > 0 && answeredInRound == roundId;
        require(valid, "CLCOracle: Oracle data is invalid");
        uint8 oracleDecimals = AggregatorV3Interface(oracleAddress).decimals();

        return (price, oracleDecimals); /// price always gt 0 at this point
    }

in this case if the oracle got the answer in round id that is bigger than the roundID then the function will revert always.

Tools Used

N/A

Recommended Mitigation Steps

recommend to change the check from: answeredInRound == roundId to: answeredInRound >= roundId

Assessed type

Oracle

[0xSorryNotSorry]

OOS --> [M‑02] Insufficient oracle validation

[c4-pre-sort]

0xSorryNotSorry marked the issue as low quality report

[c4-judge]

alcueca marked the issue as unsatisfactory: Invalid