Submission Details
Severity: medium
Valid

Chainlink's latestRoundData may return an incorrect result

Summary

The data returned to staleCheckLatestRoundData isn't sufficiently validated.

Vulnerability Details

The staleCheckLatestRoundData function in the OracleLib contract fetches the ETH price from a Chainlink aggregator by calling latestRoundData. However, the function lacks some important checks on the values that call returns.

Impact

The price may be incorrect.

Tools Used

Manual Review

Recommendations

Add the following checks:

require(answeredInRound >= roundID, "Chainlink Price Stale");
require(price > 0, "Chainlink Malfunction");
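The two checks in context, as an added example that is not the audited project's code: the interface mirrors Chainlink's AggregatorV3Interface, while the library name CheckedOracleLib and the functions checkedLatestRoundData and checkedPrice are hypothetical. It shows where roundID, price and answeredInRound come from and why the sign check has to run before the price is cast.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

// Added example. Only latestRoundData() is declared here; the signature
// matches Chainlink's AggregatorV3Interface.
interface AggregatorV3Interface {
    function latestRoundData()
        external
        view
        returns (
            uint80 roundId,
            int256 answer,
            uint256 startedAt,
            uint256 updatedAt,
            uint80 answeredInRound
        );
}

// Hypothetical library name; not the project's OracleLib.
library CheckedOracleLib {
    // Fetches the latest round and applies the two recommended checks
    // before any caller can see the values.
    function checkedLatestRoundData(AggregatorV3Interface priceFeed)
        internal
        view
        returns (uint80 roundID, int256 price, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound)
    {
        (roundID, price, startedAt, updatedAt, answeredInRound) = priceFeed.latestRoundData();

        // The answer must belong to the reported round, not an earlier one.
        require(answeredInRound >= roundID, "Chainlink Price Stale");
        // A zero or negative answer is not a usable price.
        require(price > 0, "Chainlink Malfunction");
    }

    // Returns the validated price as an unsigned value. The explicit cast
    // from int256 to uint256 does not revert on negative input, so it is
    // only safe because price > 0 was enforced above.
    function checkedPrice(AggregatorV3Interface priceFeed) internal view returns (uint256) {
        (, int256 price,,,) = checkedLatestRoundData(priceFeed);
        return uint256(price);
    }
}
```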
