Upgraded Q -> 2 from #254 [1719594414430]

[c4-judge]

Judge has assessed an item in Issue #254 as 2 risk. The relevant finding follows:

[L-5] Chainlink's latestRoundData return stale or incorrect result

Impact

On PriceFeed.sol, you are using latestRoundData, but there is no check if the return value indicates stale data. The current check quoteAnswer > 0 not enough to ensure the staleness .

This could lead to stale prices according to the Chainlink documentation: https://docs.chain.link/data-feeds/price-feeds/historical-data Related report: https://github.com/code-423n4/2021-05-fairside-findings/issues/70

FILE:2024-05-predy/src/PriceFeed.sol

    (, int256 quoteAnswer,,,) = AggregatorV3Interface(_quotePriceFeed).latestRoundData();

        IPyth.Price memory basePrice = IPyth(_pyth).getPriceNoOlderThan(_priceId, VALID_TIME_PERIOD);

        require(basePrice.expo == -8, "INVALID_EXP");

        require(quoteAnswer > 0 && basePrice.price > 0);

https://github.com/code-423n4/2024-05-predy/blob/a9246db5f874a91fb71c296aac6a66902289306a/src/PriceFeed.sol#L46-L52

Recommended Mitigation

Incorporate the required checks to ensure the staleness

(, int256 quoteAnswer,,,) = AggregatorV3Interface(_quotePriceFeed).latestRoundData();

+    (uint80 roundID,int256 quoteAnswer,uint256 timestamp,uint256 updatedAt,) = AggregatorV3Interface(_quotePriceFeed).latestRoundData();

        IPyth.Price memory basePrice = IPyth(_pyth).getPriceNoOlderThan(_priceId, VALID_TIME_PERIOD);

+ require(updatedAt >= roundID, "Stale price");
+ require(timestamp != 0,"Round not complete");

+ if (updatedAt < block.timestamp - maxDelayTime) //maxDelayTime minimum allowed delay 
+            revert PRICE_OUTDATED();

        require(basePrice.expo == -8, "INVALID_EXP");

        require(quoteAnswer > 0 && basePrice.price > 0);

[c4-judge]

alex-ppg marked the issue as duplicate of #69

[c4-judge]

alex-ppg marked the issue as partial-75