Closed sherlock-admin closed 1 year ago
n33k
medium
According to chianlink's documentation, the latest answer returned should be checked against reasonable limits.
There's not check whether the latest answer is in valid range.
function getPriceFromChainlink(address base, address quote) internal view returns (uint256) { (, int256 price,,,) = registry.latestRoundData(base, quote); require(price > 0, "invalid price"); // Extend the decimals to 1e18. return uint256(price) * 10 ** (18 - uint256(registry.decimals(base, quote))); }
The latest answer returned could be wrong if the actual price goes outside minAnswer and maxAnswer. This happened during luna crash.
https://github.com/sherlock-audit/2023-05-ironbank/blob/main/ib-v2/src/protocol/oracle/PriceOracle.sol#L66-L72
Manual Review
Check whether the reported answer is close to reaching minAnswer or maxAnswer. Or use additional reference oracles.
Duplicate of #9
n33k
medium
Oracle does not check if anwser returned from chainlink is in valid range
Summary
According to chianlink's documentation, the latest answer returned should be checked against reasonable limits.
Vulnerability Detail
There's not check whether the latest answer is in valid range.
Impact
The latest answer returned could be wrong if the actual price goes outside minAnswer and maxAnswer. This happened during luna crash.
Code Snippet
https://github.com/sherlock-audit/2023-05-ironbank/blob/main/ib-v2/src/protocol/oracle/PriceOracle.sol#L66-L72
Tool used
Manual Review
Recommendation
Check whether the reported answer is close to reaching minAnswer or maxAnswer. Or use additional reference oracles.
Duplicate of #9