The getSqrtPrice function in the PriceFeed.sol contract retrieves the latest price data from an oracle to compute the square root of the price. However, the function does not verify whether the retrieved price data is stale. Using stale data can result in incorrect price calculations, which may impact critical functionality reliant on accurate and up-to-date price information, leading to financial losses or erroneous contract behavior.
Proof of Concept
In the PriceFeed.sol contract, the getSqrtPrice function is implemented as follows:
The function does not check if the quoteAnswer obtained from the oracle is based on stale data. Without this verification, the contract may use outdated prices, leading to incorrect calculations.
Example of Stale Data Impact
If the oracle data is outdated due to network issues, delays, or oracle downtime, the getSqrtPrice function will use old price data, resulting in incorrect price computations. This can affect various functionalities dependent on accurate price feeds, such as asset valuation, trading, and risk management, potentially leading to significant financial losses.
Tools Used
Manual code review
Recommended Mitigation Steps
To ensure the function uses up-to-date price data, implement a check for the updatedAt parameter from the latestRoundData() call and verify that it is within an acceptable time range. Here’s an example of how to refactor the function:
Modify the latestRoundData call to include the updatedAt parameter:
This change ensures that the price data used in the getSqrtPrice function is current and reliable, preventing the use of stale data and maintaining the integrity of the price calculations.
Lines of code
https://github.com/code-423n4/2024-05-predy/blob/e96f378007e3dc56b184079f0c0e4fe48a72efaa/src/PriceFeed.sol#L46
Vulnerability details
Impact
The
getSqrtPrice
function in thePriceFeed.sol
contract retrieves the latest price data from an oracle to compute the square root of the price. However, the function does not verify whether the retrieved price data is stale. Using stale data can result in incorrect price calculations, which may impact critical functionality reliant on accurate and up-to-date price information, leading to financial losses or erroneous contract behavior.Proof of Concept
In the
PriceFeed.sol
contract, thegetSqrtPrice
function is implemented as follows:The function does not check if the
quoteAnswer
obtained from the oracle is based on stale data. Without this verification, the contract may use outdated prices, leading to incorrect calculations.Example of Stale Data Impact
If the oracle data is outdated due to network issues, delays, or oracle downtime, the
getSqrtPrice
function will use old price data, resulting in incorrect price computations. This can affect various functionalities dependent on accurate price feeds, such as asset valuation, trading, and risk management, potentially leading to significant financial losses.Tools Used
Recommended Mitigation Steps
To ensure the function uses up-to-date price data, implement a check for the
updatedAt
parameter from thelatestRoundData()
call and verify that it is within an acceptable time range. Here’s an example of how to refactor the function:Modify the
latestRoundData
call to include theupdatedAt
parameter:This change ensures that the price data used in the
getSqrtPrice
function is current and reliable, preventing the use of stale data and maintaining the integrity of the price calculations.Assessed type
Oracle