This vulnerability report addresses an issue related to the retrieval of asset prices from the Chainlink Oracle in the provided code snippet. The vulnerability arises from the incorrect usage of the latestRoundData() function, which can lead to inaccurate price data.
Vulnerability Detail
The vulnerability occurs due to the misconception about the behavior of the latestRoundData() function. The code snippet assumes that calling this function retrieves the current price of an asset, which is incorrect. Instead, the latestRoundData() function returns the latest updated price from the oracle, which may not reflect the most current market price. This misconception can lead to inaccurate price calculations and potentially result in financial losses.
Impact
If the retrieved price does not accurately represent the current market price, it can result in incorrect asset valuations. This can lead to incorrect calculations of positions, collateral, or liquidation thresholds, potentially impacting the overall financial stability of the system and financial loss
Hama
medium
Inaccurate Price Retrieval from Chainlink Oracle
Summary
This vulnerability report addresses an issue related to the retrieval of asset prices from the Chainlink Oracle in the provided code snippet. The vulnerability arises from the incorrect usage of the latestRoundData() function, which can lead to inaccurate price data.
Vulnerability Detail
The vulnerability occurs due to the misconception about the behavior of the latestRoundData() function. The code snippet assumes that calling this function retrieves the current price of an asset, which is incorrect. Instead, the latestRoundData() function returns the latest updated price from the oracle, which may not reflect the most current market price. This misconception can lead to inaccurate price calculations and potentially result in financial losses.
Impact
If the retrieved price does not accurately represent the current market price, it can result in incorrect asset valuations. This can lead to incorrect calculations of positions, collateral, or liquidation thresholds, potentially impacting the overall financial stability of the system and financial loss
Code Snippet
https://github.com/sherlock-audit/2023-04-hubble-exchange/blob/main/hubble-protocol/contracts/Oracle.sol#L33 (,answer,,,) = AggregatorV3Interface(chainLinkAggregatorMap[underlying]).latestRoundData();
Tool used
Manual Review
Recommendation
Don't fetch the latest price, you have to call the oracle to update the price. And then wait for the callback.