search

sherlock-audit / 2023-12-ubiquity-judging

2 stars 2 forks source link

bareli - Stale Price Data: #226

Closed sherlock-admin2 closed 6 months ago

sherlock-admin2 commented 6 months ago

bareli

medium

Stale Price Data:

Summary

Stale Price Data: The library checks for stale price data from Chainlink, but the staleness threshold is a critical parameter that must be set appropriately to balance between timely updates and avoiding unnecessary transactions.

Vulnerability Detail

// fetch latest price ( , // roundId int256 answer, // startedAt , uint256 updatedAt,

    ) = // answeredInRound
        priceFeed.latestRoundData();

Impact

staleness threshold is a critical parameter that must be set appropriately to balance between timely updates and avoiding unnecessary transactions.

Code Snippet

https://github.com/sherlock-audit/2023-12-ubiquity/blob/main/ubiquity-dollar/packages/contracts/src/dollar/libraries/LibUbiquityPool.sol#L523

Tool used

Manual Review

Recommendation

Duplicate of #133

sherlock-admin2 commented 6 months ago

1 comment(s) were left on this issue during the judging contest.

auditsea commented:

The issue describes about not checking min/max value from Chainlink for data staleness, but this is not required

sherlock-admin2 commented 6 months ago

1 comment(s) were left on this issue during the judging contest.

auditsea commented:

The issue describes about not checking min/max value from Chainlink for data staleness, but this is not required