search

code-423n4 / 2023-11-kelp-findings

13 stars 11 forks source link

Deprecated ChainLink function latestAnswer() #139

Closed c4-submissions closed 11 months ago

c4-submissions commented 11 months ago

Lines of code

https://github.com/code-423n4/2023-11-kelp/blob/c5fdc2e62c5e1d78769f44d6e34a6fb9e40c00f0/src/oracles/ChainlinkPriceOracle.sol#L38

Vulnerability details

Impact

The function is no longer supported by Chainlink oracle and it returns only 0. It is necessary to remove it labeled by Chainlink documentation - https://docs.chain.link/data-feeds/api-reference#latestanswer

Proof of Concept

Tools Used

Manual

Recommended Mitigation Steps

(uint80 roundID, int256 price, , uint256 timeStamp, uint80 answeredInRound) = oracle.latestRoundData();
require(answeredInRound >= roundID, "...");
require(timeStamp != 0, "...");

Assessed type

Oracle

c4-pre-sort commented 11 months ago

raymondfam marked the issue as insufficient quality report

c4-pre-sort commented 11 months ago

raymondfam marked the issue as duplicate of #34

c4-judge commented 10 months ago

fatherGoose1 marked the issue as unsatisfactory: Invalid