In the OracleLib.sol contract, the function staleCheckLatestRoundData does not check staleness completely. It only validates that the difference block.timestamp - updatedAt is greater than TIMEOUT and reverts in that case, but it never validates the updatedAt value itself.
On the backend, the aggregator uses a getTimestamp mapping, mapping(uint256 => uint256) public getTimestamp;, which tracks the update timestamp per round id, and in updateRoundData this round id is passed to the aggregator. This means any slot that has not been updated with a timestamp can return a 0 value.
If we get a 0 value, our staleness validation becomes useless and the user can mint more DSC than they should be able to.
Suppose the ETH price was 2000 in the last round, allowing 1000 DSC to be minted, and the price is now 1800, which should allow only 900 DSC to be minted; due to the stale price, the user can still mint 1000 DSC.
Manual Review, Solodit
The function should have these checks:
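The following hardened version of staleCheckLatestRoundData is an added example, not the project's own code: the function body is reconstructed from the description above, and the TIMEOUT value, the custom error names and the Chainlink import path are assumptions. It adds explicit checks on updatedAt, answeredInRound and the answer itself alongside the existing TIMEOUT check.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

// Import path assumed for the Chainlink contracts version in use.
import {AggregatorV3Interface} from "@chainlink/contracts/src/v0.8/interfaces/AggregatorV3Interface.sol";

/// Added example, not the project's OracleLib. TIMEOUT and error names are assumptions.
library OracleLibHardened {
    error OracleLib__StalePrice();
    error OracleLib__InvalidRound();
    error OracleLib__InvalidPrice();

    uint256 private constant TIMEOUT = 3 hours; // assumed value

    function staleCheckLatestRoundData(AggregatorV3Interface priceFeed)
        public
        view
        returns (uint80, int256, uint256, uint256, uint80)
    {
        (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound) =
            priceFeed.latestRoundData();

        // A round whose timestamp slot was never written reports updatedAt == 0.
        // Reject it explicitly rather than relying on the subtraction below.
        if (updatedAt == 0) revert OracleLib__InvalidRound();

        // The answer must come from a round at least as recent as the one reported.
        if (answeredInRound < roundId) revert OracleLib__InvalidRound();

        // A zero or negative answer means the aggregator has no valid price.
        if (answer <= 0) revert OracleLib__InvalidPrice();

        // Existing check: the last update must be within TIMEOUT. With checked
        // arithmetic, an updatedAt in the future also reverts (underflow).
        if (block.timestamp - updatedAt > TIMEOUT) revert OracleLib__StalePrice();

        return (roundId, answer, startedAt, updatedAt, answeredInRound);
    }
}
```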