According to Chainlink's documentation, the latestAnswer function is deprecated. This function does not error if no answer has been reached but returns 0. Besides, the latestAnswer is reported with 18 decimals for crypto quotes but 8 decimals for FX quotes (See Chainlink FAQ for more details). A best practice is to get the decimals from the oracles instead of hard-coding them in the contract.
Vulnerability Detail
Impact
Code Snippet
function assetPrice(IPriceFeed priceFeed) public view returns (uint256) {
if (address(priceFeed) == BASE_FEED) return basePrice;
int256 price = priceFeed.latestAnswer();
if (price <= 0) revert InvalidPrice();
return uint256(price) * baseFactor;
}
karanctf
medium
Using deprecated Chainlink function latestAnswer
Summary
According to Chainlink's documentation, the latestAnswer function is deprecated. This function does not error if no answer has been reached but returns 0. Besides, the latestAnswer is reported with 18 decimals for crypto quotes but 8 decimals for FX quotes (See Chainlink FAQ for more details). A best practice is to get the decimals from the oracles instead of hard-coding them in the contract.
Vulnerability Detail
Impact
Code Snippet
https://github.com/sherlock-audit/2024-04-interest-rate-model/blob/main/protocol/contracts/PriceFeedWrapper.sol#L31 https://github.com/sherlock-audit/2024-04-interest-rate-model/blob/main/protocol/contracts/PriceFeedDouble.sol#L28 https://github.com/sherlock-audit/2024-04-interest-rate-model/blob/main/protocol/contracts/utils/IPriceFeed.sol#L7 https://github.com/sherlock-audit/2024-04-interest-rate-model/blob/main/protocol/contracts/PriceFeedPool.sol#L36
Tool used
Manual Review
Recommendation
use latestrounddata
Duplicate of #235