Closed sherlock-admin3 closed 2 months ago
1 comment(s) were left on this issue during the judging contest.
0xmystery commented:
Protocol validates Chainlink oracle staleness inside the trading module with their own staleness setting across all vaults
bareli
Medium
stale price may happen in "_calculateBaseToQuote"
Summary
There is no check whether baseToUSD is zero or not. There is no check for a stale price in baseToUSDOracle.latestRoundData();
Vulnerability Detail
    function _calculateBaseToQuote() internal view returns (
        uint80 roundId,
        int256 answer,
        uint256 startedAt,
        uint256 updatedAt,
        uint80 answeredInRound
    ) {
        _checkSequencer();

        int256 baseToUSD;
        (
            roundId,
            baseToUSD,
            startedAt,
            updatedAt,
            answeredInRound
@>>     ) = baseToUSDOracle.latestRoundData();
@>>     require(baseToUSD > 0, "Chainlink Rate Error");
        // Overflow and div by zero not possible
        if (invertBase) baseToUSD = (baseToUSDDecimals * baseToUSDDecimals) / baseToUSD;
Impact
A stale price is possible.
Code Snippet
https://github.com/sherlock-audit/2024-06-leveraged-vault/blob/main/leveraged-vaults-private/contracts/oracles/PendlePTOracle.sol#L109
Tool used
Manual Review
Recommendation
        int256 baseToUSD;
        (
            roundId,
            baseToUSD,
            startedAt,
            updatedAt,
            answeredInRound
@>>     ) = baseToUSDOracle.latestRoundData();
@>>     require(baseToUSD > 0, "Chainlink Rate Error");
@>>     require(updatedAt >= block.timestamp - HEARTBEAT_TIME);
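A self-contained sketch of the kind of check discussed above: a positive-answer check plus a staleness window that is a per-feed setting instead of a single hard-coded constant. This is an added example, not code from the issue or from the audited repository; the contract names, `maxStaleness`, the custom errors and the mock feed are all assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Minimal subset of the Chainlink aggregator interface, declared inline.
interface AggregatorV3Interface {
    function latestRoundData() external view returns (
        uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound
    );
}

// Hypothetical consumer; not the PendlePTOracle contract referenced in the issue.
contract StalenessCheckedFeed {
    AggregatorV3Interface public immutable feed;
    // Assumed setting: maximum accepted age in seconds, chosen per feed.
    uint256 public immutable maxStaleness;

    error InvalidRate(int256 answer);
    error StalePrice(uint256 updatedAt, uint256 currentTime);

    constructor(AggregatorV3Interface feed_, uint256 maxStaleness_) {
        feed = feed_;
        maxStaleness = maxStaleness_;
    }

    function latestFreshAnswer() external view returns (int256 answer, uint256 updatedAt) {
        (, answer, , updatedAt, ) = feed.latestRoundData();
        // Zero or negative answers are rejected before any division by the rate.
        if (answer <= 0) revert InvalidRate(answer);
        // Compare the age against the window. A timestamp in the future is rejected
        // explicitly so the subtraction cannot revert with an arithmetic panic.
        if (updatedAt > block.timestamp || block.timestamp - updatedAt > maxStaleness) {
            revert StalePrice(updatedAt, block.timestamp);
        }
    }
}

// Constructed mock feed for local testing only.
contract MockFeed is AggregatorV3Interface {
    int256 public mockAnswer;
    uint256 public mockUpdatedAt;

    function set(int256 answer_, uint256 updatedAt_) external {
        mockAnswer = answer_;
        mockUpdatedAt = updatedAt_;
    }

    function latestRoundData() external view returns (uint80, int256, uint256, uint256, uint80) {
        return (1, mockAnswer, mockUpdatedAt, mockUpdatedAt, 1);
    }
}
```

Writing the comparison as `block.timestamp - updatedAt > maxStaleness` also avoids the underflow that `block.timestamp - HEARTBEAT_TIME` would hit on a chain or test environment whose timestamp is smaller than the window.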