Closed c4-submissions closed 11 months ago
raymondfam marked the issue as sufficient quality report
raymondfam marked the issue as duplicate of #32
raymondfam marked the issue as not a duplicate
raymondfam marked the issue as duplicate of #843
fatherGoose1 marked the issue as unsatisfactory: Invalid
Lines of code
https://github.com/code-423n4/2023-11-kelp/blob/f751d7594051c0766c7ecd1e68daeb0661e43ee3/src/oracles/ChainlinkPriceOracle.sol#L38
Vulnerability details
Impact
The ChainlinkPriceOracle currently lacks a mechanism to verify the freshness of the data fetched from Chainlink. This omission creates a significant risk, as the contract may operate on outdated or stale price data, potentially leading to incorrect calculations or decisions. In particular, the oracle data influences the amount of minted rsETH for deposits.
Recommended Mitigation Steps
Validate the age of the latest round of data when fetching prices from Chainlink.
Assessed type
Oracle