code-423n4 / 2023-09-asymmetry-findings

Oracle data feeds are insufficiently validated #17

Closed c4-submissions closed 12 months ago

c4-submissions commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-09-asymmetry/blob/main/contracts/strategies/votium/VotiumStrategyCore.sol#L156-L186

Vulnerability details

Recommended Mitigation Steps

Assessed type

Oracle

elmutt commented 1 year ago

thanks.

my understanding is that answeredInRound is deprecated: https://docs.chain.link/data-feeds/api-reference

we will add the other change tho

elmutt commented 1 year ago

https://github.com/asymmetryfinance/afeth/pull/157

0xleastwood commented 1 year ago

I'm not sure if updating cl.answer >= 0 to cl.answer > 0 is deservedly a medium severity issue. When would this even be the case?

c4-judge commented 1 year ago

0xleastwood marked the issue as primary issue

Rassska commented 1 year ago

@0xleastwood, very unlikely that the price will drop to 0. Anyways, agreed on the decision being made regarding the severity, since it looks more like an assertion over the sanity check.

0xleastwood commented 1 year ago

> @0xleastwood, very unlikely that the price will drop to 0. Anyways, agreed on the decision being made regarding the severity, since it looks more like an assertion over the sanity check.

IIRC, non-functional oracles may return a negative value which should be validated but I think any non-negative values are acceptable values. Downgrading to QA.
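
The checks debated in this thread (the `cl.answer >= 0` versus `cl.answer > 0` comparison, the deprecated `answeredInRound` field, and the "other change" around round freshness), written out as an added Solidity example. This is not the project's code and not the contents of PR #157; the contract, the `maxStaleness` parameter and the mock feed are assumptions made for illustration. The `AggregatorV3Interface` signatures match Chainlink's published interface.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Minimal copy of Chainlink's AggregatorV3Interface; the real one has the same signatures.
interface AggregatorV3Interface {
    function decimals() external view returns (uint8);
    function latestRoundData()
        external
        view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

/// @dev Hypothetical price reader that contrasts the weak check with a hardened one.
contract ChainlinkPriceReader {
    AggregatorV3Interface public immutable feed;
    // Maximum accepted age of the answer in seconds (assumption: set it from the feed's heartbeat).
    uint256 public immutable maxStaleness;

    error InvalidPrice(int256 answer);
    error IncompleteRound(uint80 roundId);
    error StalePrice(uint256 updatedAt, uint256 nowTs);

    constructor(AggregatorV3Interface _feed, uint256 _maxStaleness) {
        feed = _feed;
        maxStaleness = _maxStaleness;
    }

    // Weak form (the pattern the report objects to): a zero answer passes, and
    // nothing about the round's timing is inspected.
    function priceUnchecked() external view returns (uint256) {
        (, int256 answer, , , ) = feed.latestRoundData();
        require(answer >= 0, "negative price");
        return uint256(answer);
    }

    // Hardened form: strictly positive answer, completed round, fresh data.
    // answeredInRound is deliberately not read; Chainlink marks it deprecated.
    function price() external view returns (uint256) {
        (uint80 roundId, int256 answer, , uint256 updatedAt, ) = feed.latestRoundData();
        if (answer <= 0) revert InvalidPrice(answer);           // rejects 0 and negatives
        if (updatedAt == 0) revert IncompleteRound(roundId);   // round not finished
        if (updatedAt > block.timestamp || block.timestamp - updatedAt > maxStaleness) {
            revert StalePrice(updatedAt, block.timestamp);
        }
        return uint256(answer);
    }
}

/// @dev Constructed mock feed so the two paths can be exercised in a local test.
contract MockAggregator is AggregatorV3Interface {
    int256 public answer;
    uint256 public updatedAt;

    function set(int256 _answer, uint256 _updatedAt) external {
        answer = _answer;
        updatedAt = _updatedAt;
    }

    function decimals() external pure returns (uint8) { return 8; }

    function latestRoundData()
        external
        view
        returns (uint80, int256, uint256, uint256, uint80)
    {
        return (1, answer, updatedAt, updatedAt, 1);
    }
}
```

With the mock set to `answer = 0` and a current `updatedAt`, `priceUnchecked()` returns 0 while `price()` reverts with `InvalidPrice(0)`; with a positive answer but `updatedAt` older than `maxStaleness`, only `price()` reverts, which is the freshness check the thread refers to as the change that was still going to be added.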

c4-judge commented 1 year ago

0xleastwood changed the severity to QA (Quality Assurance)

c4-judge commented 1 year ago

0xleastwood marked the issue as grade-b