code-423n4 / 2024-02-wise-lending-findings


ChainLink pricer is using a deprecated API #5

Closed c4-bot-7 closed 7 months ago

c4-bot-7 commented 8 months ago

Lines of code


https://github.com/code-423n4/2024-02-wise-lending/tree/main/contracts/DerivativeOracles/PendleChildLpOracle.sol#L40

Vulnerability details


According to Chainlink’s documentation, the latestAnswer function is deprecated (https://docs.chain.link/data-feeds/price-feeds/api-reference#latestanswer). If no answer is received, it will return 0. If Chainlink stops support, the function may stop working, causing the oracle price to default to the fallback, even though the Chainlink oracle may still be available. This may potentially lead to oracle price manipulation.


File: PendleChildLpOracle.sol

40: return priceFeedPendleLpOracle.latestAnswer()

Assessed type


other
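
Added example, not part of the original report and not Wise Lending's code: a minimal consumer that reads a feed through latestRoundData() and rejects the zero answer that latestAnswer() would silently return. The contract name CheckedFeedReader and the maxAge parameter are hypothetical, and the sketch assumes the feed exposes Chainlink's AggregatorV3Interface.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Chainlink's AggregatorV3Interface, reduced to the one function used here.
interface AggregatorV3Interface {
    function latestRoundData()
        external
        view
        returns (
            uint80 roundId,
            int256 answer,
            uint256 startedAt,
            uint256 updatedAt,
            uint80 answeredInRound
        );
}

// Hypothetical consumer for illustration only.
contract CheckedFeedReader {
    AggregatorV3Interface public immutable feed;
    // Assumed maximum acceptable age of an answer, in seconds.
    // Choose it per feed from that feed's published heartbeat.
    uint256 public immutable maxAge;

    error NonPositiveAnswer(int256 answer);
    error IncompleteRound(uint80 roundId);
    error StaleAnswer(uint256 updatedAt, uint256 maxAge);

    constructor(AggregatorV3Interface _feed, uint256 _maxAge) {
        feed = _feed;
        maxAge = _maxAge;
    }

    function latestPrice() external view returns (uint256) {
        (uint80 roundId, int256 answer, , uint256 updatedAt, ) = feed.latestRoundData();

        // A bare latestAnswer() call would pass 0 straight to the caller here.
        if (answer <= 0) revert NonPositiveAnswer(answer);
        // Treat a zero timestamp as a round with no completed update.
        if (updatedAt == 0) revert IncompleteRound(roundId);
        // Checked arithmetic (0.8+) also reverts if updatedAt is in the future.
        if (block.timestamp - updatedAt > maxAge) revert StaleAnswer(updatedAt, maxAge);

        return uint256(answer);
    }
}
```

Reverting on a bad round leaves the decision to fall back to another price source with the caller, as an explicit step.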

thebrittfactor commented 8 months ago

C4 Note: this was originally reported in the winning bot race submission. It is not eligible for further awards, but was pulled into this findings repo solely for further review and potential inclusion in the final audit report for completeness, if the judge determines it to be a valid high/medium finding.

GalloDaSballo commented 7 months ago

Should be QA

c4-pre-sort commented 7 months ago

GalloDaSballo marked the issue as sufficient quality report

vm06007 commented 7 months ago

remove Medium label

c4-judge commented 7 months ago

trust1995 changed the severity to QA (Quality Assurance)

c4-judge commented 7 months ago

trust1995 marked the issue as grade-c