Closed c4-bot-7 closed 7 months ago
C4 Note: this was originally reported in the winning bot race submission. It is not eligible for further awards, but was pulled into this findings repo solely for further review and potential inclusion in the final audit report for completeness, if the judge determines it to be a valid high/medium finding.
Should be QA
GalloDaSballo marked the issue as sufficient quality report
remove Medium label
trust1995 changed the severity to QA (Quality Assurance)
trust1995 marked the issue as grade-c
Lines of code
https://github.com/code-423n4/2024-02-wise-lending/tree/main/contracts/DerivativeOracles/PendleChildLpOracle.sol#L40
Vulnerability details
According to Chainlink’s documentation, the
latestAnswer
function is deprecated. https://docs.chain.link/data-feeds/price-feeds/api-reference#latestanswer If no answer is received it will return 0. If chainlink stops support, the function may stop working, causing Oracle price to default to fallback, even though Chainlink Oracle may still be available. This may potentially lead to oracle price manipulation.Assessed type
other