Closed sherlock-admin closed 1 year ago
minhtrng
medium
Checks for stale price data are outdated.
The function getLatestPrice checks for stale data like this:
getLatestPrice
if (answeredInRound < roundID) revert RoundIDOutdated();
According to https://ethereum.stackexchange.com/questions/133890/chainlink-latestrounddata-security-fresh-data-check-usage the variable answeredInRoundId is a legacy variable and the check for staleness should be based on the updatedAt parameter of the latedRoundData function.
answeredInRoundId
updatedAt
latedRoundData
outdated staleness check could cause price data to pass checks even though stale
https://github.com/sherlock-audit/2023-03-Y2K/blob/ae7f210d8fbf21b9abf09ef30edfa548f7ae1aef/Earthquake/src/v2/Controllers/ControllerPeggedAssetV2.sol#L315
Manual Review
Apply the check suggested in the link above.
Duplicate of #70
minhtrng
medium
Outdated staleness check of price feed
Summary
Checks for stale price data are outdated.
Vulnerability Detail
The function
getLatestPricechecks for stale data like this:According to https://ethereum.stackexchange.com/questions/133890/chainlink-latestrounddata-security-fresh-data-check-usage the variable
answeredInRoundIdis a legacy variable and the check for staleness should be based on theupdatedAtparameter of thelatedRoundDatafunction.Impact
outdated staleness check could cause price data to pass checks even though stale
Code Snippet
https://github.com/sherlock-audit/2023-03-Y2K/blob/ae7f210d8fbf21b9abf09ef30edfa548f7ae1aef/Earthquake/src/v2/Controllers/ControllerPeggedAssetV2.sol#L315
Tool used
Manual Review
Recommendation
Apply the check suggested in the link above.
Duplicate of #70