Vulnerability details
Impact
The function getPriceAndDecimals requires that the roundId returned by latestRoundData is exactly equal to answeredInRound. The check should be answeredInRound >= roundId: a Chainlink aggregator can report an answer that was computed in a round later than roundId, which is why most protocols (and Chainlink's own documentation examples) use answeredInRound >= roundId. With the strict equality, such a response makes the oracle call revert.
Proof of Concept
the function getPriceAndDecimals checks for the answer round id like this:
function getPriceAndDecimals(
    address oracleAddress
) public view returns (int256, uint8) {
    (
        uint80 roundId,
        int256 price,
        ,
        ,
        uint80 answeredInRound
    ) = AggregatorV3Interface(oracleAddress).latestRoundData();
    // Strict equality: a response whose answer was computed in a later
    // round than roundId fails this check and reverts below.
    bool valid = price > 0 && answeredInRound == roundId;
    require(valid, "CLCOracle: Oracle data is invalid");
    uint8 oracleDecimals = AggregatorV3Interface(oracleAddress).decimals();
    return (price, oracleDecimals); /// price always gt 0 at this point
}
If the aggregator returns an answeredInRound that is greater than roundId, the equality fails and every call to getPriceAndDecimals reverts, so any consumer of this oracle cannot obtain a price until the two values coincide again.
Tools Used
N/A
Recommended Mitigation Steps
Change the check from:
answeredInRound == roundId
to:
answeredInRound >= roundId
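The following is an added example, not code from the Moonwell repository, that puts the reported predicate next to the recommended one and applies the mitigation to getPriceAndDecimals. MockAggregator, RoundCheckExample, strictValid, recommendedValid and demo are hypothetical names introduced here; the AggregatorV3Interface subset is declared inline with the real signatures so the file compiles without the @chainlink package.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Subset of Chainlink's AggregatorV3Interface with the real signatures,
// declared inline so this example compiles without the @chainlink package.
interface AggregatorV3Interface {
    function decimals() external view returns (uint8);

    function latestRoundData()
        external
        view
        returns (
            uint80 roundId,
            int256 answer,
            uint256 startedAt,
            uint256 updatedAt,
            uint80 answeredInRound
        );
}

// Hypothetical mock feed (not part of Moonwell) whose round fields can be
// set freely, so the answeredInRound > roundId case can be reproduced.
contract MockAggregator is AggregatorV3Interface {
    uint8 private immutable _decimals;
    uint80 private _roundId;
    int256 private _answer;
    uint80 private _answeredInRound;

    constructor(uint8 decimals_) {
        _decimals = decimals_;
    }

    function set(uint80 roundId_, int256 answer_, uint80 answeredInRound_) external {
        _roundId = roundId_;
        _answer = answer_;
        _answeredInRound = answeredInRound_;
    }

    function decimals() external view override returns (uint8) {
        return _decimals;
    }

    function latestRoundData()
        external
        view
        override
        returns (uint80, int256, uint256, uint256, uint80)
    {
        return (_roundId, _answer, block.timestamp, block.timestamp, _answeredInRound);
    }
}

// Hypothetical consumer showing the check as reported (strict equality)
// next to the recommended form (>=).
contract RoundCheckExample {
    // The predicate currently used by getPriceAndDecimals.
    function strictValid(int256 price, uint80 roundId, uint80 answeredInRound) public pure returns (bool) {
        return price > 0 && answeredInRound == roundId;
    }

    // Recommended predicate: the answer must come from this round or a later one.
    function recommendedValid(int256 price, uint80 roundId, uint80 answeredInRound) public pure returns (bool) {
        return price > 0 && answeredInRound >= roundId;
    }

    // getPriceAndDecimals with the mitigation applied.
    function getPriceAndDecimals(address oracleAddress) public view returns (int256, uint8) {
        (uint80 roundId, int256 price, , , uint80 answeredInRound) =
            AggregatorV3Interface(oracleAddress).latestRoundData();
        require(recommendedValid(price, roundId, answeredInRound), "CLCOracle: Oracle data is invalid");
        return (price, AggregatorV3Interface(oracleAddress).decimals());
    }

    // Reproduces the finding with constructed values: the answer for round 10
    // was produced in round 11, i.e. answeredInRound is greater than roundId.
    function demo() external returns (bool strict, bool recommended, int256 price) {
        MockAggregator feed = new MockAggregator(8);
        feed.set(10, 1e8, 11);
        (uint80 roundId, int256 answer, , , uint80 answeredInRound) = feed.latestRoundData();
        strict = strictValid(answer, roundId, answeredInRound);
        recommended = recommendedValid(answer, roundId, answeredInRound);
        (price, ) = getPriceAndDecimals(address(feed));
    }
}
```

demo() evaluates both predicates on the same response: the strict one rejects it while the recommended one accepts it, and the fixed getter returns the price instead of reverting. Because `>=` accepts a superset of what `==` accepts, the change cannot reject anything the current check allows; it still rejects answeredInRound < roundId, which is the stale case the check exists for. Chainlink's documentation additionally recommends checking updatedAt against a staleness threshold, which is outside the scope of this finding.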
Lines of code
https://github.com/code-423n4/2023-07-moonwell/blob/fced18035107a345c31c9a9497d0da09105df4df/src/core/Oracles/ChainlinkCompositeOracle.sol#L190
Assessed type
Oracle