Lines of code
https://github.com/code-423n4/2023-11-kelp/blob/4b34abc952205e2a34bff893a0de0c75b8052149/src/oracles/ChainlinkPriceOracle.sol#L38
Vulnerability details
Impact
In the ChainlinkPriceOracle contract, relying solely on the latestAnswer function poses a potential problem as it lacks the capability to verify crucial aspects of query validity. Issues such as stale data, invalid prices, or incomplete rounds cannot be adequately addressed, highlighting the need for enhanced query validation mechanisms within the Chainlink smart contract.
Tools Used
manual review
Recommended Mitigation Steps
Consider validating the output of latestRoundData() to match the following code snippet:
Assessed type
Invalid Validation