code-423n4 / 2023-11-kelp-findings


Deprecated method latestAnswer() is used in ChainlinkPriceOracle contract #717

Closed c4-submissions closed 11 months ago

c4-submissions commented 11 months ago

Lines of code

https://github.com/code-423n4/2023-11-kelp/blob/main/src/oracles/ChainlinkPriceOracle.sol#L37-L39

Vulnerability details

Summary

The Chainlink oracle is used to get the token price from the price feed, but the method latestAnswer() has been deprecated as per the Chainlink docs.

Vulnerability Details

The method latestAnswer() has been deprecated by Chainlink. latestRoundData() should be used as per their documentation.

https://docs.chain.link/data-feeds/api-reference#latestanswer

Recommendations

Implement the AggregatorV3Interface and use latestRoundData() instead of the deprecated latestAnswer().

Assessed type

Oracle
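A sketch of the recommended change, added here as an illustration and not part of the original submission or the Kelp code base: a consumer that reads the feed through latestRoundData() and validates the fields that latestAnswer() never exposed. The contract name `FeedReader`, the `maxStaleness` parameter and the custom errors are assumptions made for this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Subset of Chainlink's AggregatorV3Interface, declared inline so the file
// compiles on its own.
interface AggregatorV3Interface {
    function decimals() external view returns (uint8);

    function latestRoundData()
        external
        view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

// Hypothetical consumer for illustration; this is NOT the ChainlinkPriceOracle
// contract referenced in the report.
contract FeedReader {
    error InvalidPrice(int256 answer);
    error RoundNotComplete();
    error StalePrice(uint256 updatedAt);

    AggregatorV3Interface public immutable feed;
    // Assumption: maximum accepted age of a round in seconds, chosen by the
    // deployer to match the heartbeat of the specific feed.
    uint256 public immutable maxStaleness;

    constructor(AggregatorV3Interface feed_, uint256 maxStaleness_) {
        feed = feed_;
        maxStaleness = maxStaleness_;
    }

    // The deprecated latestAnswer() returns only an int256, so the caller
    // cannot tell how old the value is. latestRoundData() also returns
    // updatedAt, which makes the checks below possible.
    function getPrice() external view returns (uint256 price, uint8 priceDecimals) {
        (, int256 answer,, uint256 updatedAt,) = feed.latestRoundData();

        // The answer is signed; reject zero and negative values before casting.
        if (answer <= 0) revert InvalidPrice(answer);
        // updatedAt == 0 means the round has not been completed.
        if (updatedAt == 0) revert RoundNotComplete();
        // Checked arithmetic (0.8.x) reverts if updatedAt is in the future.
        if (block.timestamp - updatedAt > maxStaleness) revert StalePrice(updatedAt);

        return (uint256(answer), feed.decimals());
    }
}
```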

C4-Staff commented 11 months ago

Closing this issue as the warden data are missing.