The OracleLib uses Chainlink latestRoundData() to get the price feed of different assets, but it doesn't have enough checks to be sure the returned price is valid.
The function staleCheckLatestRoundData checks updatedAt to see whether the price is stale, but it should also check that the returned value answer is greater than 0. This check is recommended every time Chainlink price feeds are used, since the value returned can be 0 or less than 0, making the price calculations in DSCEngine.sol revert.
The price assumptions could be wrong, hurting the protocol overall. All the checks need to be done to be sure that the response from Chainlink is accurate and not stale.
Manual review
Besides checking updatedAt, also do the other necessary checks.
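One way to add the missing check, as an added example that is not the project's own code. The library name OracleLibChecked, both error names, and the 3-hour TIMEOUT are assumptions made for illustration; the interface is a minimal inline copy of the Chainlink latestRoundData() signature.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

// Minimal inline declaration of the one Chainlink aggregator function used
// here, so the example compiles without external imports.
interface AggregatorV3Interface {
    function latestRoundData()
        external
        view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

// Hypothetical hardened variant of the library discussed above.
library OracleLibChecked {
    error OracleLibChecked__StalePrice();
    error OracleLibChecked__InvalidPrice(int256 answer);

    // Assumed staleness tolerance; choose it per feed heartbeat.
    uint256 private constant TIMEOUT = 3 hours;

    function staleCheckLatestRoundData(AggregatorV3Interface priceFeed)
        internal
        view
        returns (uint80, int256, uint256, uint256, uint80)
    {
        (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound) =
            priceFeed.latestRoundData();

        // Existing check: reject data older than the tolerance.
        // A future-dated updatedAt underflows and reverts, which fails closed.
        if (block.timestamp - updatedAt > TIMEOUT) {
            revert OracleLibChecked__StalePrice();
        }

        // Added check: a zero or negative answer is never a usable price.
        // Reverting here gives callers an explicit, named failure instead of
        // a bad value flowing into int256 -> uint256 casts and price math.
        if (answer <= 0) {
            revert OracleLibChecked__InvalidPrice(answer);
        }

        return (roundId, answer, startedAt, updatedAt, answeredInRound);
    }
}
```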