search

sherlock-audit / 2023-12-flatmoney-judging

11 stars 9 forks source link

Avci - OracleModule will return the wrong price if the Chainlink aggregator returns price outside min/max range #290

Closed sherlock-admin2 closed 7 months ago

sherlock-admin2 commented 8 months ago

Avci

medium

OracleModule will return the wrong price if the Chainlink aggregator returns price outside min/max range

Summary

OracleModule will return the wrong price if the Chainlink aggregator returns price outside min/max range

Vulnerability Detail

_getOnchainPrice() only check price > 0 not are they within the correct range

Impact

The wrong price may be returned in the event of a market crash.

Code Snippet

function _getOnchainPrice() internal view returns (uint256 price, uint256 timestamp) {
        IChainlinkAggregatorV3 oracle = onchainOracle.oracleContract;
        if (address(oracle) == address(0)) revert FlatcoinErrors.ZeroAddress("oracle");

        (, int256 _price, , uint256 updatedAt, ) = oracle.latestRoundData();
        timestamp = updatedAt;
        // check Chainlink oracle price updated within `maxAge` time.
        if (block.timestamp > timestamp + onchainOracle.maxAge)
            revert FlatcoinErrors.PriceStale(FlatcoinErrors.PriceSource.OnChain);

        if (_price > 0) {
            price = uint256(_price) * (10 ** 10); // convert Chainlink oracle decimals 8 -> 18
        } else {
            // Issue with onchain oracle indicates a serious problem
            revert FlatcoinErrors.PriceInvalid(FlatcoinErrors.PriceSource.OnChain);
        }
    }

https://github.com/sherlock-audit/2023-12-flatmoney/blob/bba4f077a64f43fbd565f8983388d0e985cb85db/flatcoin-v1/src/OracleModule.sol#L141-L157

Tool used

Manual Review

Recommendation

consider checking for min and max price.

Duplicate of #134

sherlock-admin commented 7 months ago

1 comment(s) were left on this issue during the judging contest.

takarez commented:

invalid