Closed c4-submissions closed 11 months ago
raymondfam marked the issue as sufficient quality report
raymondfam marked the issue as duplicate of #32
raymondfam marked the issue as insufficient quality report
raymondfam marked the issue as not a duplicate
raymondfam marked the issue as duplicate of #34
fatherGoose1 marked the issue as unsatisfactory: Invalid
Lines of code
https://github.com/code-423n4/2023-11-kelp/blob/ee1154fcb6f6619cdc9aeda27503d9a2cbf6d8eb/src/oracles/ChainlinkPriceOracle.sol#L37
Vulnerability details
Impact
Bad usage of the Chainlink oracle: the oracle call should consider unusual states of the Chainlink oracle.
Proof of Concept
Get oracle price directly from latestAnswer. Actually, there are many unusual states of the Chainlink oracle; these bad situations should be considered.
The oracle plays an important role in this contract; if an incorrect value is taken, it may DoS the mint logic or mint an incorrect number of tokens.
Tools Used
manual
Recommended Mitigation Steps
Add a proper oracle return value check.
Assessed type
Oracle