code-423n4 / 2023-11-kelp-findings


Failure to Initialize Default Price Feeds Can Cause Unexpected Reverts #883

Closed c4-submissions closed 11 months ago

c4-submissions commented 11 months ago

Lines of code

https://github.com/code-423n4/2023-11-kelp/blob/main/src/oracles/ChainlinkPriceOracle.sol#L27

Vulnerability details

Impact

The ChainlinkPriceOracle contract does not initialize default price feed mappings for supported assets. This means calling the getAssetPrice function before explicitly setting a feed will result in a revert instead of a defined failure response.

Details:

The contract relies on price feeds stored in a mapping but does not populate this mapping on deployment. If getAssetPrice is called before any feeds are set using updatePriceFeedFor, it will throw an error. A more user-friendly failure response should be returned instead of an unexpected revert in this case.

Tools Used

Recommended Mitigation Steps

Assessed type

Oracle
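The lookup behaviour the report describes, as an added Solidity sketch that is not code from the Kelp repository or from the submission. `FeedLookupSketch`, `IPriceFeed`, the `assetPriceFeed` mapping name, both custom errors, and the `getAssetPriceUnchecked` and `tryGetAssetPrice` helpers are hypothetical names chosen for illustration. Access control is left out.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration: hypothetical names, not the audited contract.
interface IPriceFeed {
    function latestAnswer() external view returns (int256);
}

contract FeedLookupSketch {
    // A mapping has no "missing" state: an unset key reads as address(0).
    mapping(address => address) public assetPriceFeed;

    error PriceFeedNotSet(address asset);
    error InvalidFeedAnswer(address asset, int256 answer);

    // Access control omitted to keep the sketch short.
    function updatePriceFeedFor(address asset, address feed) external {
        assetPriceFeed[asset] = feed;
    }

    // Unchecked form: with no feed set, the call targets address(0) and
    // reverts with empty revert data, so a caller cannot tell why it failed.
    function getAssetPriceUnchecked(address asset) external view returns (uint256) {
        return uint256(IPriceFeed(assetPriceFeed[asset]).latestAnswer());
    }

    // Checked form: the unset-feed case becomes a named, decodable error.
    function getAssetPrice(address asset) public view returns (uint256) {
        address feed = assetPriceFeed[asset];
        if (feed == address(0)) revert PriceFeedNotSet(asset);
        int256 answer = IPriceFeed(feed).latestAnswer();
        if (answer <= 0) revert InvalidFeedAnswer(asset, answer);
        return uint256(answer);
    }

    // Non-reverting form: a defined failure response instead of a revert.
    // The external self-call lets try/catch absorb the custom errors above.
    function tryGetAssetPrice(address asset) external view returns (bool ok, uint256 price) {
        try this.getAssetPrice(asset) returns (uint256 p) {
            return (true, p);
        } catch {
            return (false, 0);
        }
    }
}
```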

c4-pre-sort commented 11 months ago

raymondfam marked the issue as insufficient quality report

c4-pre-sort commented 11 months ago

raymondfam marked the issue as duplicate of #273

c4-judge commented 10 months ago

fatherGoose1 marked the issue as unsatisfactory: Invalid