Closed c4-submissions closed 11 months ago
raymondfam marked the issue as sufficient quality report
raymondfam marked the issue as duplicate of #32
raymondfam marked the issue as not a duplicate
raymondfam marked the issue as primary issue
raymondfam marked the issue as duplicate of #723
fatherGoose1 changed the severity to QA (Quality Assurance)
Lines of code
https://github.com/code-423n4/2023-11-kelp/blob/f751d7594051c0766c7ecd1e68daeb0661e43ee3/src/LRTOracle.sol#L45
Vulnerability details
Missing Fallback Oracle
Impact
Malicious Nodes: As oracles operate on a decentralized network, malicious nodes can manipulate data, causing incorrect execution of smart contracts and misleading outcomes.
Network Outages: Reliance on the internet for data connectivity makes oracles susceptible to network outages, causing delays or failures in contract execution by preventing the oracle from accessing necessary information.
https://medium.com/witnet/fallback-oracles-3112038db0a1
Proof of Concept
Tools Used
Manual Review
Recommended Mitigation Steps
To address these vulnerabilities, the use of fallback oracles is crucial. Fallback oracles act as backup systems, stepping in when the primary oracle fails to ensure reliable data provision. They serve as safeguards against data tampering or unavailability, mitigating the risks of smart contract malfunctions and financial losses.
Assessed type
Oracle
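The fallback pattern recommended above, sketched as an added example that is not part of the submission or of the Kelp code base. The `IPriceFeed` interface, the `FallbackPriceReader` contract, the `MAX_AGE` bound and all function names are hypothetical and do not reflect the actual `LRTOracle.sol` API.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.21;

// Hypothetical feed interface for this example; not taken from LRTOracle.sol.
interface IPriceFeed {
    function getAssetPrice(address asset) external view returns (uint256 price, uint256 updatedAt);
}

contract FallbackPriceReader {
    error NoValidPrice(address asset);

    uint256 public constant MAX_AGE = 1 hours; // assumed staleness bound

    mapping(address => IPriceFeed) public primaryFeed;
    mapping(address => IPriceFeed) public fallbackFeed;

    constructor(address asset, IPriceFeed primary, IPriceFeed backup) {
        primaryFeed[asset] = primary;
        fallbackFeed[asset] = backup;
    }

    // Use the primary feed when its answer is sane, otherwise the fallback.
    // Revert rather than return an unvalidated price when both fail.
    function getAssetPrice(address asset) external view returns (uint256) {
        (bool ok, uint256 price) = _tryFeed(primaryFeed[asset], asset);
        if (ok) return price;
        (ok, price) = _tryFeed(fallbackFeed[asset], asset);
        if (ok) return price;
        revert NoValidPrice(asset);
    }

    function _tryFeed(IPriceFeed feed, address asset) private view returns (bool, uint256) {
        // try/catch does not catch a call to an address without code, so check first.
        if (address(feed).code.length == 0) return (false, 0);
        try feed.getAssetPrice(asset) returns (uint256 price, uint256 updatedAt) {
            // Reject zero, future-dated or stale answers instead of trusting them.
            bool stale = updatedAt > block.timestamp || block.timestamp - updatedAt > MAX_AGE;
            if (price == 0 || stale) return (false, 0);
            return (true, price);
        } catch {
            return (false, 0); // feed reverted: treat as unavailable
        }
    }
}
```

The fallback only adds protection if it draws on a data source independent of the primary, and malformed return data from a feed still reverts in the caller because `try`/`catch` does not cover ABI decoding failures.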