Closed sherlock-admin closed 1 year ago
ArbitraryExecution
medium
Stale data in Oracle data feed
The _latestAnswer64x64 function in the PricerInternal contract is used to determine the current price for the underlying asset. There is however no check to ensure that the data returned is recent enough to be valid.

    function _latestAnswer64x64() internal view returns (int128) {
        (, int256 basePrice, , , ) = BaseSpotOracle.latestRoundData();
        (, int256 underlyingPrice, , , ) = UnderlyingSpotOracle.latestRoundData();
        return ABDKMath64x64.divi(underlyingPrice, basePrice);
    }

Recommendation
Use best practices to ensure that the data is valid. For example, consider checking against the updatedAt variable returned in the result data.
Duplicate of #137
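
One way to implement the recommended check, as an added example that is not code from the report or from the project. It assumes both oracles expose Chainlink's AggregatorV3Interface and that ABDKMath64x64 is installed from the abdk-libraries-solidity package; `MAX_STALENESS`, `_freshPrice`, `IAggregatorV3` and the contract name are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

import {ABDKMath64x64} from "abdk-libraries-solidity/ABDKMath64x64.sol";

// Minimal slice of Chainlink's AggregatorV3Interface (assumed oracle type).
interface IAggregatorV3 {
    function latestRoundData()
        external
        view
        returns (
            uint80 roundId,
            int256 answer,
            uint256 startedAt,
            uint256 updatedAt,
            uint80 answeredInRound
        );
}

abstract contract PricerInternalChecked {
    // Hypothetical bound; choose it per feed from that feed's heartbeat.
    uint256 internal constant MAX_STALENESS = 1 hours;

    IAggregatorV3 internal immutable BaseSpotOracle;
    IAggregatorV3 internal immutable UnderlyingSpotOracle;

    constructor(address base, address underlying) {
        BaseSpotOracle = IAggregatorV3(base);
        UnderlyingSpotOracle = IAggregatorV3(underlying);
    }

    // Hypothetical helper: reverts unless the round is complete, positive and recent.
    function _freshPrice(IAggregatorV3 feed) internal view returns (int256) {
        (uint80 roundId, int256 answer, , uint256 updatedAt, uint80 answeredInRound) =
            feed.latestRoundData();
        require(answer > 0, "oracle: non-positive price");
        require(updatedAt != 0, "oracle: round not complete");
        require(answeredInRound >= roundId, "oracle: answer carried over");
        // A future updatedAt underflows and reverts under 0.8 checked math (fails closed).
        require(block.timestamp - updatedAt <= MAX_STALENESS, "oracle: stale price");
        return answer;
    }

    function _latestAnswer64x64() internal view returns (int128) {
        int256 basePrice = _freshPrice(BaseSpotOracle);
        int256 underlyingPrice = _freshPrice(UnderlyingSpotOracle);
        return ABDKMath64x64.divi(underlyingPrice, basePrice);
    }
}
```

Reverting on a stale or incomplete round makes the pricer fail closed, so callers need a defined behaviour for the case where no fresh price is available.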