Chainlink’s latestRoundData might return stale or incorrect results
Summary
The ChainlinkAdapter calls out to a Chainlink oracle receiving the latestRoundData(). If there is a problem with Chainlink starting a new round and finding consensus on the new value for the oracle (e.g. Chainlink nodes abandon the oracle, chain congestion, vulnerability/attacks on the chainlink system) consumers of this contract may continue using outdated stale or incorrect data (if oracles are unable to submit no new round is started).
bareli
medium
Chainlink’s latestRoundData might return stale or incorrect results
Summary
The ChainlinkAdapter calls out to a Chainlink oracle receiving the latestRoundData(). If there is a problem with Chainlink starting a new round and finding consensus on the new value for the oracle (e.g. Chainlink nodes abandon the oracle, chain congestion, vulnerability/attacks on the chainlink system) consumers of this contract may continue using outdated stale or incorrect data (if oracles are unable to submit no new round is started).
Vulnerability Detail
@> (, int256 oraclePriceUSDInt, , uint256 updatedAt, ) = feed.latestRoundData();
Impact
stale price.
Code Snippet
https://github.com/sherlock-audit/2024-03-arrakis/blob/main/valantis-hot/src/HOTOracle.sol#L142
Tool used
Manual Review
Recommendation
require(oraclePriceUSDInt>0);