search

code-423n4 / 2024-03-revert-lend-findings

6 stars 6 forks source link

Chainlink's `latestRoundData` might return stale results #489

Closed c4-bot-2 closed 3 months ago

c4-bot-2 commented 4 months ago

Lines of code

https://github.com/code-423n4/2024-03-revert-lend/blob/main/src/V3Oracle.sol#L337

Vulnerability details

Impact

Detailed description of the impact of this finding. It can cause stale price.

Proof of Concept

Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept.

On ChainlinkPriceOracle.sol, we are using latestRoundData, but there is no check if the return value indicates stale data.

     (, int256 answer,, uint256 updatedAt,) = feedConfig.feed.latestRoundData();
    if (updatedAt + feedConfig.maxFeedAge < block.timestamp || answer < 0) {
        revert ChainlinkPriceError();
    }

This could lead to stale prices according to the Chainlink documentation:

https://docs.chain.link/docs/historical-price-data/#historical-rounds https://docs.chain.link/docs/faq/#how-can-i-check-if-the-answer-to-a-round-is-being-carried-over-from-a-previous-round

Tools Used

Recommended Mitigation Steps

uint80 BaseAnsweredInRound @> (, int256 answer,, uint256 updatedAt,uint80 BaseAnsweredInRound) = feedConfig.feed.latestRoundData(); require(BaseAnsweredInRound >= baseRoundID , "Stale price"); if (updatedAt + feedConfig.maxFeedAge < block.timestamp || answer < 0) { revert ChainlinkPriceError(); }

Assessed type

Oracle

c4-pre-sort commented 4 months ago

0xEVom marked the issue as insufficient quality report

0xEVom commented 4 months ago

answeredInRound is deprecated

c4-pre-sort commented 4 months ago

0xEVom marked the issue as primary issue

c4-judge commented 3 months ago

jhsagd76 marked the issue as unsatisfactory: Invalid