Closed sherlock-admin closed 1 year ago
shtesesamoubiq
false
Chainlink’s latestRoundData might return stale or incorrect results
On PriceOracle.sol , we are using latestRoundData, but there is no check if the return value indicates stale data.
PriceOracle.sol
This could lead to stale prices according to the Chainlink documentation:
https://docs.chain.link/docs/historical-price-data/#historical-rounds https://docs.chain.link/docs/faq/#how-can-i-check-if-the-answer-to-a-round-is-being-carried-over-from-a-previous-round
manual Manual Review
add this checks: require(answeredInRound >= roundID, "Stale price");
price");
require(block.timestamp <= updatedAt + stalePriceDelay, Error.STALE_PRICE);
shtesesamoubiq
false
Chainlink’s latestRoundData might return stale or incorrect results
Summary
Chainlink’s latestRoundData might return stale or incorrect results
Vulnerability Detail
On
PriceOracle.sol, we are using latestRoundData, but there is no check if the return value indicates stale data.Impact
This could lead to stale prices according to the Chainlink documentation:
https://docs.chain.link/docs/historical-price-data/#historical-rounds https://docs.chain.link/docs/faq/#how-can-i-check-if-the-answer-to-a-round-is-being-carried-over-from-a-previous-round
Code Snippet
Tool used
manual Manual Review
Recommendation
add this checks: require(answeredInRound >= roundID, "Stale
price");require(block.timestamp <= updatedAt + stalePriceDelay, Error.STALE_PRICE);