Closed sherlock-admin closed 1 year ago
ak1
high
wstETHChainlinkOracle.sol#L26-L44 : valid time check is missed while getting the price feed data.
int256 baseAnswer; ( roundId, baseAnswer, startedAt, updatedAt, answeredInRound ) = baseOracle.latestRoundData(); require(baseAnswer > 0, "Chainlink Rate Error"); answer = baseAnswer * wstETH.stEthPerToken().toInt() / baseDecimals;
updatedAt could be zero. If it zero, price calculation should not be allowed.
updatedAt
The data obtained could be invalid but not the latest.
https://github.com/sherlock-audit/2022-09-notional/blob/main/leveraged-vaults/contracts/trading/oracles/wstETHChainlinkOracle.sol#L33-L43
Manual Review
Check for time whether it is zero. if it zero, revert the price calculation. Add the below check before calculating the answer require(updatedAt != 0, "updatedAt== 0 !");
answer
require(updatedAt != 0, "updatedAt== 0 !");
Duplicate of #133
ak1
high
wstETHChainlinkOracle.sol#L26-L44 : valid time check is missed while getting the price feed data.
Summary
wstETHChainlinkOracle.sol#L26-L44 : valid time check is missed while getting the price feed data.
Vulnerability Detail
updatedAtcould be zero. If it zero, price calculation should not be allowed.Impact
The data obtained could be invalid but not the latest.
Code Snippet
https://github.com/sherlock-audit/2022-09-notional/blob/main/leveraged-vaults/contracts/trading/oracles/wstETHChainlinkOracle.sol#L33-L43
Tool used
Manual Review
Recommendation
Check for time whether it is zero. if it zero, revert the price calculation. Add the below check before calculating the
answerrequire(updatedAt != 0, "updatedAt== 0 !");Duplicate of #133