The OracleLib library is designed to check the Chainlink Oracle for stale data; however, the lack of additional validation checks could lead to usage of outdated prices.
In the staleCheckLatestRoundData function, the contract fetches the asset price from a Chainlink aggregator using the latestRoundData function. This function checks if the data is stale by comparing the updatedAt timestamp with the current block.timestamp. If the difference is greater than a predefined TIMEOUT, the function reverts.
This approach is largely sound, but it is susceptible to stale data, especially if the Chainlink Oracle fails to update or maintain its data sources. Furthermore, if the Oracle network encounters an issue, funds locked in the protocol are potentially at risk.
If the Chainlink Oracle becomes stale or isn't maintained properly, this could lead to outdated or incorrect prices being used by the contracts that depend on this library. This could ultimately lead to financial loss or inaccurate transactions.
Manual Review
To mitigate this issue, consider implementing additional checks on the return data with proper revert messages if the price is stale or the round is incomplete. For instance:
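A Solidity sketch of such checks, added here as an example and not taken from the original report or the project's code. The library name OracleLibChecked, the custom error names, the inline interface and the 3-hour TIMEOUT value are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

// Minimal Chainlink aggregator interface, declared inline so the example is self-contained.
interface AggregatorV3Interface {
    function latestRoundData()
        external
        view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

// Hypothetical hardened variant of the library discussed above.
library OracleLibChecked {
    error OracleLib__RoundIncomplete();
    error OracleLib__StalePrice();
    error OracleLib__InvalidPrice();

    uint256 private constant TIMEOUT = 3 hours; // assumed value, not stated on the page

    function staleCheckLatestRoundData(AggregatorV3Interface priceFeed)
        internal
        view
        returns (uint80, int256, uint256, uint256, uint80)
    {
        (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound) =
            priceFeed.latestRoundData();

        // A zero timestamp means the round has not completed yet.
        if (updatedAt == 0) revert OracleLib__RoundIncomplete();
        // A timestamp in the future is not trustworthy; rejecting it here also
        // keeps the subtraction below from underflowing.
        if (updatedAt > block.timestamp) revert OracleLib__StalePrice();
        // The answer was carried over from an earlier round. Chainlink marks
        // answeredInRound as deprecated, but the field is still returned.
        if (answeredInRound < roundId) revert OracleLib__StalePrice();
        // A zero or negative price must never be used for collateral valuation.
        if (answer <= 0) revert OracleLib__InvalidPrice();
        // Existing heartbeat check: the last update is older than TIMEOUT.
        if (block.timestamp - updatedAt > TIMEOUT) revert OracleLib__StalePrice();

        return (roundId, answer, startedAt, updatedAt, answeredInRound);
    }
}
```

Each failure mode reverts with its own error, so a caller or monitoring job can tell an incomplete round from an expired heartbeat.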