search

code-423n4 / 2024-05-predy-findings

10 stars 9 forks source link

Poorly inspected feeding system #131

Closed howlbot-integration[bot] closed 4 months ago

howlbot-integration[bot] commented 4 months ago

Lines of code

https://github.com/code-423n4/2024-05-predy/blob/a9246db5f874a91fb71c296aac6a66902289306a/src/PriceFeed.sol#L46

Vulnerability details

Impact

The PriceFeedFactory fetches the asset price from a Chainlink aggregator using the getSqrtPricefunction. However, there are no checks if the price is stale and valid.

According to Chainlink's documentation, This function does not error if no answer has been reached but returns 0, causing an incorrect price fed. The external Chainlink oracle, which provides index price information to the system, introduces risk inherent to any dependency on third-party data sources. For example, the oracle could fall behind or otherwise fail to be maintained, resulting in outdated data being fed to the index price calculations of the liquidity.

Proof of Concept

There is no validation to check if the answer (or price) received was actually a stale one. Reasons for a price feed to stop updating are listed here(https://ethereum.stackexchange.com/questions/133242/how-future-resilient-is-a-chainlink-price-feed/133843#133843).

Using a stale price in the application can result in wrong calculations. https://docs.chain.link/data-feeds/api-reference

Tools Used

Manual Audit

Recommended Mitigation Steps

- (,int256 priceEurUsd,,,) = Chainlink.AggregatorV3Interface(eurUsd).latestRoundData();
+(,int256 priceEurUsd,, uint256 updatedAt,) = Chainlink.AggregatorV3Interface(eurUsd).latestRoundData();

+ if (priceEurUsd <= 0) {
+    revert("invalid price data");
+ }

+ if (updatedAt < block.timestamp - 60 * 60 /* 1 hour */) {
+   revert("Stale Price");
+}

Assessed type

Oracle

c4-judge commented 4 months ago

alex-ppg marked the issue as satisfactory