c4-submissions commented 11 months ago

Lines of code

Vulnerability details

L38 - The latestAnswer() function of the aggregator is used, in the "ChainLink Price Feeds" section of https://blog.openzeppelin.com/secure-smart-contract-guidelines-the-dangers-of-price-oracles it is explained that this could generate security errors, when using a depreciated version of the oracle. Furthermore, it is not validated that the return is != 0, this would be important since the oracle could be working incorrectly.

Use try/catch and validate that the result of latestAnswer() is != 0.

Oracle

c4-pre-sort commented 11 months ago

raymondfam marked the issue as insufficient quality report

c4-pre-sort commented 11 months ago

raymondfam marked the issue as primary issue

raymondfam commented 11 months ago

L-02 from the bot.

c4-judge commented 10 months ago

fatherGoose1 marked the issue as unsatisfactory: Invalid

fatherGoose1 commented 10 months ago

Reported by bot.

c4-judge commented 10 months ago

fatherGoose1 marked the issue as unsatisfactory: Invalid

c4-judge commented 10 months ago

fatherGoose1 marked the issue as unsatisfactory: Invalid