sherlock-admin
commented
1 year ago 2 comment(s) were left on this issue during the judging contest.
141345 commented:
d
n33k commented:
unhandled stale price returned from latestRoundData()
Closed sherlock-admin closed 1 year ago
sherlock-admin
commented
1 year ago 2 comment(s) were left on this issue during the judging contest.
141345 commented:
d
n33k commented:
unhandled stale price returned from latestRoundData()
okolicodes
medium
Not checking for stale prices
Summary
Calls to Oracles doesnt check for stale prices
Vulnerability Detail
None of the oracle calls check for stale prices https://github.com/sherlock-audit/2023-07-perennial/blob/main/root/contracts/attribute/Kept.sol#L62
Impact
Oracle price feeds can become stale due to a variety of reasons. Using a stale price will result in incorrect calculations in most of the key functionality of the protocol.
Code Snippet
https://github.com/sherlock-audit/2023-07-perennial/blob/main/root/contracts/attribute/Kept.sol#L62
Tool used
Manual Review
Recommendation
Read the updatedAt parameter from the calls to latestRoundData() and compare it to a staleness threshold if (updatedAt < block.timestamp - 60 60 / 1 hour */) { revert("stale price feed"); }
Duplicate of #159