code-423n4 / 2023-11-kelp-findings


The timestamps of the pricing data from chainlink oracles are not validated #488

Closed c4-submissions closed 11 months ago

c4-submissions commented 11 months ago

Lines of code

https://github.com/code-423n4/2023-11-kelp/blob/f751d7594051c0766c7ecd1e68daeb0661e43ee3/src/oracles/ChainlinkPriceOracle.sol#L38

Vulnerability details

Impact

The ChainlinkPriceOracle currently lacks a mechanism to verify the freshness of the data fetched from Chainlink. This omission creates a significant risk, as the contract may operate on outdated or stale price data, potentially leading to incorrect calculations or decisions. In particular, the oracle data influences the amount of minted rsETH for deposits.

Recommended Mitigation Steps

Validate the age of the latest round of data when fetching prices from Chainlink.

Assessed type

Oracle
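A hardened price getter of the kind the mitigation describes, written here as an added example; it is not Kelp's ChainlinkPriceOracle and, apart from the `latestRoundData()` signature, not Chainlink's code. The per-feed `maxPriceAge` mapping, the owner gate and the error names are assumptions for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Subset of Chainlink's AggregatorV3Interface, with the real return signature.
interface AggregatorV3Interface {
    function latestRoundData()
        external
        view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

/// @notice Hypothetical oracle wrapper (not Kelp's contract) that refuses stale or invalid feed data.
contract FreshChainlinkPriceOracle {
    error StalePrice(address feed, uint256 updatedAt, uint256 maxAge);
    error InvalidAnswer(address feed, int256 answer);
    error FeedNotConfigured(address feed);
    error NotOwner();

    address public immutable owner;
    /// @dev Assumed per-feed limit: the feed's documented heartbeat plus a small tolerance.
    mapping(address => uint256) public maxPriceAge;

    constructor() {
        owner = msg.sender;
    }

    function setMaxPriceAge(address feed, uint256 maxAge) external {
        if (msg.sender != owner) revert NotOwner();
        maxPriceAge[feed] = maxAge;
    }

    /// @return price The latest answer, returned only if it is positive and fresh.
    function getFreshPrice(address feed) public view returns (uint256 price) {
        uint256 maxAge = maxPriceAge[feed];
        // A feed with no configured heartbeat is a misconfiguration: fail closed.
        if (maxAge == 0) revert FeedNotConfigured(feed);

        (, int256 answer, , uint256 updatedAt, ) = AggregatorV3Interface(feed).latestRoundData();

        // Zero or negative answers signal a broken feed, not a usable price.
        if (answer <= 0) revert InvalidAnswer(feed, answer);
        // updatedAt == 0 means the round never completed; an age beyond maxAge means stale data.
        // (If updatedAt is in the future the subtraction reverts under 0.8 checked math, which also fails closed.)
        if (updatedAt == 0 || block.timestamp - updatedAt > maxAge) revert StalePrice(feed, updatedAt, maxAge);

        price = uint256(answer);
    }
}
```

The caller that mints rsETH would consume `getFreshPrice` instead of the raw answer, so a stalled feed reverts the deposit rather than pricing it on old data.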

c4-pre-sort commented 11 months ago

raymondfam marked the issue as sufficient quality report

c4-pre-sort commented 11 months ago

raymondfam marked the issue as duplicate of #32

c4-pre-sort commented 11 months ago

raymondfam marked the issue as not a duplicate

c4-pre-sort commented 11 months ago

raymondfam marked the issue as duplicate of #843

c4-judge commented 10 months ago

fatherGoose1 marked the issue as unsatisfactory: Invalid