sherlock-audit / 2023-07-perennial-judging


kaysoft - Chainlink Oracle Price freshness not checked. #156

Closed sherlock-admin closed 1 year ago

sherlock-admin commented 1 year ago

kaysoft

medium

Chainlink Oracle Price freshness not checked.

Summary

Price freshness from the Chainlink oracle is not validated.

Vulnerability Detail

Price freshness from the Chainlink oracle is not validated.

Impact

Loss due to use of a stale price from the oracle.

Code Snippet

https://github.com/sherlock-audit/2023-07-perennial/blob/main/root/contracts/attribute/Kept.sol#L62

    /// @notice Returns the price of ETH in terms of the keeper token
    /// @return The price of ETH in terms of the keeper token
    function _etherPrice() private view returns (UFixed18) {
        (, int256 answer, , ,) = ethTokenOracleFeed().latestRoundData(); //@audit oracle freshness.
        return UFixed18Lib.from(Fixed18Lib.ratio(answer, 1e8)); // chainlink eth-usd feed uses 8 decimals
    }

Tool used

Manual Review

Recommendation

Validate the freshness of the price from the oracle.

    /// @notice Returns the price of ETH in terms of the keeper token
    /// @return The price of ETH in terms of the keeper token
    function _etherPrice() private view returns (UFixed18) {
        (uint80 roundID, int256 answer, , uint256 updatedAt, uint80 answeredInRound) = ethTokenOracleFeed().latestRoundData(); //@audit oracle freshness.
++      require(block.timestamp <= updatedAt + stalePriceDelay, "Stale price");
++      require(answeredInRound >= roundID, "Stale price");
        return UFixed18Lib.from(Fixed18Lib.ratio(answer, 1e8)); // chainlink eth-usd feed uses 8 decimals
    }

Duplicate of #159
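A fuller version of the freshness check the recommendation describes, as an added example written for this page rather than code from the Perennial repository: it also rejects incomplete rounds and non-positive answers, and keeps the staleness window as a per-feed parameter. The `AggregatorV3Interface` subset, the `maxAge` setting and the `FreshPrice`/`EthPriceConsumer` names are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Minimal subset of Chainlink's AggregatorV3Interface (assumed to match the feed used by Kept.sol).
interface AggregatorV3Interface {
    function decimals() external view returns (uint8);
    function latestRoundData()
        external
        view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

/// @dev Reads a Chainlink price and reverts unless the round is complete, the answer is positive
///      and the update is no older than `maxAge`. `maxAge` is a hypothetical per-feed setting that
///      should track the feed's published heartbeat (e.g. 3600s for ETH/USD on mainnet); it is not
///      a value taken from the Perennial codebase.
library FreshPrice {
    error IncompleteRound(uint80 roundId);
    error NonPositiveAnswer(int256 answer);
    error StalePrice(uint256 updatedAt, uint256 maxAge);

    function read(AggregatorV3Interface feed, uint256 maxAge) internal view returns (uint256 price, uint8 dec) {
        (uint80 roundId, int256 answer, , uint256 updatedAt, uint80 answeredInRound) = feed.latestRoundData();
        // updatedAt == 0 means the round never completed; answeredInRound < roundId means the
        // answer was carried over from an earlier round (relevant on older aggregator versions).
        if (updatedAt == 0 || answeredInRound < roundId) revert IncompleteRound(roundId);
        if (answer <= 0) revert NonPositiveAnswer(answer);
        if (block.timestamp - updatedAt > maxAge) revert StalePrice(updatedAt, maxAge);
        return (uint256(answer), feed.decimals());
    }
}

/// @dev Example consumer in the shape of `_etherPrice()` from the issue: the 8-decimal
///      ETH/USD answer is scaled to 1e18, but only after the freshness checks pass.
contract EthPriceConsumer {
    AggregatorV3Interface public immutable feed;
    uint256 public immutable maxAge;

    constructor(AggregatorV3Interface feed_, uint256 maxAge_) {
        feed = feed_;
        maxAge = maxAge_;
    }

    function etherPrice18() external view returns (uint256) {
        (uint256 price, uint8 dec) = FreshPrice.read(feed, maxAge);
        return price * 10 ** (18 - dec); // assumes dec <= 18, true for ETH/USD (8)
    }
}
```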

sherlock-admin commented 1 year ago

2 comment(s) were left on this issue during the judging contest.

141345 commented:

d

n33k commented:

unhandled stale price returned from latestRoundData()