Closed sherlock-admin closed 1 year ago
cccz
medium
Chainlink's latestRoundData might return stale or incorrect results
On PricerInternal, we are using latestRoundData, but there is no check if the return value indicates stale data.
function _latestAnswer64x64() internal view returns (int128) { (, int256 basePrice, , , ) = BaseSpotOracle.latestRoundData(); (, int256 underlyingPrice, , , ) = UnderlyingSpotOracle.latestRoundData(); return ABDKMath64x64.divi(underlyingPrice, basePrice); }
This could lead to stale prices according to the Chainlink documentation:
https://docs.chain.link/docs/historical-price-data/#historical-rounds https://docs.chain.link/docs/faq/#how-can-i-check-if-the-answer-to-a-round-is-being-carried-over-from-a-previous-round
Stale prices might be used.
https://github.com/sherlock-audit/2022-09-knox/blob/main/knox-contracts/contracts/pricer/PricerInternal.sol#L49-L55
Manual Review
Validate data feed by:
Duplicate of #137
cccz
medium
Chainlink's latestRoundData might return stale or incorrect results
Summary
Chainlink's latestRoundData might return stale or incorrect results
Vulnerability Detail
On PricerInternal, we are using latestRoundData, but there is no check if the return value indicates stale data.
This could lead to stale prices according to the Chainlink documentation:
https://docs.chain.link/docs/historical-price-data/#historical-rounds https://docs.chain.link/docs/faq/#how-can-i-check-if-the-answer-to-a-round-is-being-carried-over-from-a-previous-round
Impact
Stale prices might be used.
Code Snippet
https://github.com/sherlock-audit/2022-09-knox/blob/main/knox-contracts/contracts/pricer/PricerInternal.sol#L49-L55
Tool used
Manual Review
Recommendation
Validate data feed by:
Duplicate of #137