roundId and answeredInRound are also returned. "You can check answeredInRound against the current roundId. If answeredInRound is less than roundId, the answer is being carried over. If answeredInRound is equal to roundId, then the answer is fresh."
A read can revert if the caller is requesting the details of a round that was invalid or has not yet been answered. If you are deriving a round ID without having observed it before, the round might not be complete. To check the round, validate that the timestamp on that round is not 0.
Ignite
medium
Insufficient Price Oracle Validation
Summary
The current implementation of
PriceOracle.sol#getPriceFromChainlink()lacks a freshness check, which can result in the usage of stale prices.Vulnerability Detail
Based on https://docs.chain.link/docs/historical-price-data, the following steps can be taken to avoid using a stale price returned by the Chainlink price feed.
https://github.com/sherlock-audit/2023-05-ironbank/blob/main/ib-v2/src/protocol/oracle/PriceOracle.sol#L66-L72
The lack of necessary checks when using the latestRoundData() function implies that the returned price may be incorrect.
Impact
This could lead to incorrect or stale prices, which may result in invalid calculations.
Code Snippet
https://github.com/sherlock-audit/2023-05-ironbank/blob/main/ib-v2/src/protocol/oracle/PriceOracle.sol#L66-L72
Tool used
Manual Review
Recommendation
Add the following checks:
Duplicate of #9