Closed c4-submissions closed 11 months ago
raymondfam marked the issue as sufficient quality report
raymondfam marked the issue as duplicate of #32
raymondfam marked the issue as not a duplicate
raymondfam marked the issue as duplicate of #843
fatherGoose1 marked the issue as unsatisfactory: Invalid
Lines of code
https://github.com/code-423n4/2023-11-kelp/blob/f751d7594051c0766c7ecd1e68daeb0661e43ee3/src/oracles/ChainlinkPriceOracle.sol#L37-L39
Vulnerability details
Impact
getAssetPrice() in ChainlinkPriceOracle.sol doesn't check for stale price
Proof of Concept
getAssetPrice() in ChainlinkPriceOracle directly calls the latestAnswer() and doesn't perform any check if the price obtained is outdated.
This can cause a stale price to be used and affect the minting of rsETH.
Tools Used
Manual Review
Recommended Mitigation Steps
Check if the price from Chainlink is stale
Assessed type
Other
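One way to write the staleness check that the report recommends, shown as an added example that is not part of the original submission and is not Kelp's code. It reads the feed through Chainlink's `latestRoundData()` rather than `latestAnswer()`; the contract name, the `feeds` mapping, the custom errors and the per-asset `maxAge` limit are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Chainlink's AggregatorV3Interface, declared inline so the example is self-contained.
interface AggregatorV3Interface {
    function latestRoundData()
        external
        view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

// Hypothetical oracle wrapper; names and layout are assumptions, not the audited contract.
contract StalenessCheckedOracle {
    error FeedNotConfigured(address asset);
    error InvalidPrice(address asset, int256 answer);
    error StalePrice(address asset, uint256 updatedAt, uint256 maxAge);

    struct Feed {
        AggregatorV3Interface aggregator;
        uint256 maxAge; // seconds; assumed to be derived from the feed's heartbeat plus a margin
    }

    mapping(address => Feed) public feeds;

    constructor(address[] memory assets, address[] memory aggregators, uint256[] memory maxAges) {
        require(assets.length == aggregators.length && assets.length == maxAges.length, "length mismatch");
        for (uint256 i = 0; i < assets.length; i++) {
            feeds[assets[i]] = Feed(AggregatorV3Interface(aggregators[i]), maxAges[i]);
        }
    }

    function getAssetPrice(address asset) external view returns (uint256) {
        Feed memory feed = feeds[asset];
        if (address(feed.aggregator) == address(0)) revert FeedNotConfigured(asset);

        (, int256 answer, , uint256 updatedAt, ) = feed.aggregator.latestRoundData();

        // A zero or negative answer is never a usable price.
        if (answer <= 0) revert InvalidPrice(asset, answer);
        // updatedAt == 0 means the round never completed. The subtraction reverts
        // (checked arithmetic) if updatedAt is in the future, so that case fails closed too.
        if (updatedAt == 0 || block.timestamp - updatedAt > feed.maxAge) {
            revert StalePrice(asset, updatedAt, feed.maxAge);
        }
        return uint256(answer);
    }
}
```

The age limit is kept per asset because feeds do not all update on the same schedule, so a single global limit would be either too loose for fast feeds or too strict for slow ones.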