Submission Details
Severity:
OracleLib.sol#staleCheckLatestRoundData() - Chainlink can return a stale/invalid price
Summary
Chainlink can return a stale price
Vulnerability Details
Currently there is only a check on updatedAt. This could lead to stale prices according to the Chainlink documentation:
Also in extreme cases the price can drop to zero which can lead to disastrous results. We have to add checks for all the relevant cases.
Impact
Using the incorrect price will result in incorrect prices across the entire protocol which can lead to incorrect minting/burning of DSC and incorrect logic for checking a users health factor (_revertIfHealthFactorIsBroken).
Tools Used
Manual review
Recommendations
function staleCheckLatestRoundData(AggregatorV3Interface priceFeed)
public
view
returns (uint80, int256, uint256, uint256, uint80)
{
(uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound) =
priceFeed.latestRoundData();
// Add these extra checks.
require(updatedAt >= roundId, "Stale price");
require(startedAt != 0,"Round not complete");
require(answer > 0,"Chainlink answer reporting 0");
uint256 secondsSince = block.timestamp - updatedAt;
if (secondsSince > TIMEOUT) revert OracleLib__StalePrice();
return (roundId, answer, startedAt, updatedAt, answeredInRound);
}
Prize pool breakdown
Total prize
15,000 USDC
nSLOC
23664 USDC / LOC
14,000 USDC
1,000 USDC
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.