code-423n4 / 2023-11-kelp-findings


Bad usage of chainlink oracle #551

Closed c4-submissions closed 11 months ago

c4-submissions commented 11 months ago

Lines of code

https://github.com/code-423n4/2023-11-kelp/blob/ee1154fcb6f6619cdc9aeda27503d9a2cbf6d8eb/src/oracles/ChainlinkPriceOracle.sol#L37

Vulnerability details

Impact

Bad usage of the Chainlink oracle: the oracle call should consider the unusual states of the Chainlink oracle.

Proof of Concept

The oracle price is taken directly from latestAnswer.

    function getAssetPrice(address asset) external view onlySupportedAsset(asset) returns (uint256) {
        // latestAnswer() returns only the raw answer: no round id, timestamp or completeness data to validate
        return AggregatorInterface(assetPriceFeed[asset]).latestAnswer();
    }

Actually, there are many unusual states of the Chainlink oracle, and these bad situations should be considered:

  1. Check whether the oracle value is stale.
  2. Check for a return value of 0.
  3. Check whether the value is extremely high or low compared to the last round's data.

The oracle plays an important role in this contract; if an incorrect value is taken, it may DoS the mint logic or mint an incorrect number of tokens.

Tools Used

manual

Recommended Mitigation Steps

Add proper oracle return value checks.

Assessed type

Oracle
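The three checks the report lists, written out as an added example that is neither the warden's nor the Kelp project's code: a reader built on Chainlink's standard latestRoundData/getRoundData ABI. The contract name, the error types, MAX_STALENESS and MAX_DEVIATION_BPS are assumed values; real heartbeat and deviation limits differ per feed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Subset of Chainlink's AggregatorV3Interface (standard Chainlink ABI).
interface AggregatorV3Interface {
    function latestRoundData() external view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
    function getRoundData(uint80 _roundId) external view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

// Hypothetical reader contract; names and limits below are assumptions, not Kelp's code.
contract GuardedPriceReader {
    error StalePrice(uint256 updatedAt);
    error InvalidPrice(int256 answer);
    error IncompleteRound(uint80 roundId, uint80 answeredInRound);
    error PriceDeviation(int256 current, int256 previous);

    uint256 public constant MAX_STALENESS = 1 days;       // assumed; use the feed's heartbeat
    uint256 public constant MAX_DEVIATION_BPS = 2_000;    // assumed; 20% move between rounds

    mapping(address => address) public assetPriceFeed;

    function getAssetPrice(address asset) external view returns (uint256) {
        AggregatorV3Interface feed = AggregatorV3Interface(assetPriceFeed[asset]);
        (uint80 roundId, int256 answer,, uint256 updatedAt, uint80 answeredInRound) = feed.latestRoundData();

        // 1. staleness: no update within the heartbeat, or answer carried over from an earlier round
        if (block.timestamp - updatedAt > MAX_STALENESS) revert StalePrice(updatedAt);
        if (answeredInRound < roundId) revert IncompleteRound(roundId, answeredInRound);
        // 2. zero (or negative, since answer is int256) price
        if (answer <= 0) revert InvalidPrice(answer);

        // 3. deviation against the previous round. Round ids pack (phaseId << 64 | aggregatorRoundId);
        //    roundId - 1 only exists within the same phase, so skip when the low 64 bits are 1.
        if (uint64(roundId) > 1) {
            (, int256 prevAnswer,, uint256 prevUpdatedAt,) = feed.getRoundData(roundId - 1);
            if (prevAnswer > 0 && prevUpdatedAt != 0) {
                uint256 diff = answer > prevAnswer ? uint256(answer - prevAnswer) : uint256(prevAnswer - answer);
                if (diff * 10_000 > uint256(prevAnswer) * MAX_DEVIATION_BPS) {
                    revert PriceDeviation(answer, prevAnswer);
                }
            }
        }
        return uint256(answer);
    }
}
```

The deviation check trades availability for safety: a legitimate fast market move also reverts, which is exactly the mint-DoS the report warns about, so the threshold and a fallback path are a deployment decision rather than a constant.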

c4-pre-sort commented 11 months ago

raymondfam marked the issue as sufficient quality report

c4-pre-sort commented 11 months ago

raymondfam marked the issue as duplicate of #32

c4-pre-sort commented 11 months ago

raymondfam marked the issue as insufficient quality report

c4-pre-sort commented 11 months ago

raymondfam marked the issue as not a duplicate

c4-pre-sort commented 11 months ago

raymondfam marked the issue as duplicate of #34

c4-judge commented 10 months ago

fatherGoose1 marked the issue as unsatisfactory: Invalid