Lines of code
https://github.com/code-423n4/2024-05-predy/blob/2fb1e0ec7a52fc06c2e9c8e561bccba84302e4bb/src/PriceFeed.sol#L46-L46
Vulnerability details
The updatedAt timestamp in the Chainlink price feed response is not checked. So outdated prices may be used.
Impact
Oracle price feeds can become stale for a variety of reasons. Using a stale price will result in incorrect calculations in the liquidation functionality.
Recommended Mitigation Steps
Read the updatedAt parameter from the calls to latestRoundData() and verify that it isn't older than a set amount, e.g.:
Assessed type
Oracle
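The staleness check recommended above, written out as an added example (not code from the report or from the audited PriceFeed.sol). The contract name, the maxStaleness parameter and the error names are hypothetical; the threshold is assumed to be chosen per feed, slightly above that feed's heartbeat.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Minimal subset of Chainlink's AggregatorV3Interface needed for the check.
interface AggregatorV3Interface {
    function latestRoundData()
        external
        view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

// Hypothetical consumer contract illustrating the mitigation.
contract StalenessCheckedFeed {
    error IncompleteRound();
    error StalePrice(uint256 updatedAt, uint256 currentTime);
    error NonPositivePrice(int256 answer);

    AggregatorV3Interface public immutable feed;
    // Assumed parameter: maximum accepted age of an answer, in seconds.
    uint256 public immutable maxStaleness;

    constructor(AggregatorV3Interface _feed, uint256 _maxStaleness) {
        feed = _feed;
        maxStaleness = _maxStaleness;
    }

    function getPrice() external view returns (uint256) {
        // Read updatedAt instead of discarding it.
        (, int256 answer,, uint256 updatedAt,) = feed.latestRoundData();

        // updatedAt == 0 means the round has not been completed yet.
        if (updatedAt == 0) revert IncompleteRound();

        // Reject answers older than the configured window. Checked arithmetic
        // in 0.8.x also reverts if updatedAt lies in the future.
        if (block.timestamp - updatedAt > maxStaleness) {
            revert StalePrice(updatedAt, block.timestamp);
        }

        // A zero or negative answer cannot be used as a price.
        if (answer <= 0) revert NonPositivePrice(answer);

        return uint256(answer);
    }
}
```

Reverting on a stale answer means liquidation paths that depend on this price halt until the feed updates, so the caller needs a defined behaviour for that case.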