Lines of code
https://github.com/code-423n4/2023-11-kelp/blob/main/src/oracles/ChainlinkPriceOracle.sol#L27
Vulnerability details
Impact
The ChainlinkPriceOracle contract does not initialize default price feed mappings for supported assets. This means calling the getAssetPrice function before explicitly setting a feed will result in a revert instead of a defined failure response.
Details:
The contract relies on price feeds stored in a mapping but does not populate this mapping on deployment. If getAssetPrice is called before any feeds are set using updatePriceFeedFor, it will throw an error. A more user-friendly failure response should be returned instead of an unexpected revert in this case.
Tools Used
Recommended Mitigation Steps
Assessed type
Oracle
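The behaviour described under Impact, as an added Solidity sketch that is not the Kelp contract's code or part of the original report. Only `getAssetPrice` and `updatePriceFeedFor` are names from the report; the `IFeed` interface, the `admin` check, the custom errors and `tryGetAssetPrice` are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.21;

// Assumed minimal feed interface (hypothetical; the audited interface may differ).
interface IFeed {
    function latestAnswer() external view returns (int256);
}

contract GuardedPriceOracle {
    error PriceFeedNotSet(address asset);
    error InvalidPrice(address asset, int256 answer);
    error ZeroAddress();

    address public immutable admin; // hypothetical stand-in for the protocol's access control
    mapping(address asset => address priceFeed) public assetPriceFeed; // empty at deployment

    constructor() {
        admin = msg.sender;
    }

    function updatePriceFeedFor(address asset, address priceFeed) external {
        require(msg.sender == admin, "not admin");
        if (priceFeed == address(0)) revert ZeroAddress();
        assetPriceFeed[asset] = priceFeed;
    }

    // Unguarded shape: with no feed set, the call targets address(0), which has
    // no code, so the transaction reverts with empty revert data.
    function getAssetPriceUnguarded(address asset) external view returns (uint256) {
        return uint256(IFeed(assetPriceFeed[asset]).latestAnswer());
    }

    // Guarded: the missing-feed case becomes a named error a caller can decode.
    function getAssetPrice(address asset) external view returns (uint256) {
        address feed = assetPriceFeed[asset];
        if (feed == address(0)) revert PriceFeedNotSet(asset);
        int256 answer = IFeed(feed).latestAnswer();
        if (answer <= 0) revert InvalidPrice(asset, answer);
        return uint256(answer);
    }

    // Non-reverting variant for integrators that prefer a status flag.
    function tryGetAssetPrice(address asset) external view returns (bool ok, uint256 price) {
        address feed = assetPriceFeed[asset];
        if (feed == address(0)) return (false, 0);
        int256 answer = IFeed(feed).latestAnswer();
        return answer > 0 ? (true, uint256(answer)) : (false, 0);
    }
}
```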