When getting latestRoundData, the only variables checked are the updatedAt timestamp and the answer. According to chainlink docs, answeredInRound should be checked to be == roundId,
answeredInRound: The combination of aggregatorAnsweredInRound and phaseId. aggregatorAnsweredInRound: The round the answer was updated in. You can check answeredInRound against the current roundId. If answeredInRound is less than roundId, the answer is being carried over. If answeredInRound is equal to roundId, then the answer is fresh.
deadrxsezzz
medium
Possible stale values from Chainlink oracle
Summary
Insufficient checks are made when receiving values from Chainlink oracle
Vulnerability Detail
When getting latestRoundData, the only variables checked are the
updatedAt
timestamp and theanswer
. According to chainlink docs,answeredInRound
should be checked to be== roundId
,Impact
Stale price might be carried over
Code Snippet
https://github.com/sherlock-audit/2023-04-blueberry/blob/main/blueberry-core/contracts/oracle/ChainlinkAdapterOracle.sol#L77-#L98
Tool used
Manual Review
Recommendation
add the following check
Duplicate of #118