15,000 USDC
Submission Details
Severity: medium
Valid

OracleLib.TIMEOUT is hardcoded and can't handle all tokens

Summary

OracleLib.TIMEOUT is hardcoded and can't handle all tokens

Vulnerability Details

The DSCEngine contract can accept any number of different tokens as collateral. The prices of these tokens are taken from Chainlink price feeds and are checked inside OracleLib.

The library checks whether the price is fresh. It uses the same timeout for every token, which is incorrect and can't handle all price feeds: some feeds are updated often (volatile assets), while others are updated rarely (stable assets).

Impact

A single timeout can't work well for all tokens.

Tools Used

VS Code

Recommendations

The owner should be able to set the timeout for each token separately.
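
One way to implement this recommendation, as an added sketch that is not the project's code: the contract name `PerFeedOracleGuard`, its functions, errors and event are all hypothetical, and the Chainlink interface is declared inline so the file compiles on its own. A feed with no configured timeout is rejected rather than given a shared default.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Subset of Chainlink's AggregatorV3Interface, declared inline for a self-contained example.
interface AggregatorV3Interface {
    function latestRoundData()
        external
        view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

/// Hypothetical sketch: one staleness window per price feed instead of a single hardcoded TIMEOUT.
contract PerFeedOracleGuard {
    error NotOwner();
    error TimeoutNotConfigured(address feed);
    error StalePrice(address feed, uint256 updatedAt, uint256 timeout);

    event TimeoutSet(address indexed feed, uint256 timeout);

    address public immutable owner;
    // Price feed address => maximum accepted age of its last update, in seconds.
    mapping(address => uint256) public timeoutOf;

    constructor() {
        owner = msg.sender;
    }

    /// Owner sets the window to match the feed's own update cadence (assumed to be known per feed).
    function setTimeout(address feed, uint256 timeout) external {
        if (msg.sender != owner) revert NotOwner();
        timeoutOf[feed] = timeout;
        emit TimeoutSet(feed, timeout);
    }

    /// Returns the latest answer, reverting if it is older than this feed's own window.
    function freshPrice(AggregatorV3Interface feed) external view returns (int256 answer) {
        uint256 timeout = timeoutOf[address(feed)];
        // Fail closed: an unconfigured feed must not fall back to a shared default.
        if (timeout == 0) revert TimeoutNotConfigured(address(feed));

        uint256 updatedAt;
        (, answer,, updatedAt,) = feed.latestRoundData();
        // updatedAt == 0 means no completed round; a future timestamp would underflow the subtraction.
        if (updatedAt == 0 || updatedAt > block.timestamp || block.timestamp - updatedAt > timeout) {
            revert StalePrice(address(feed), updatedAt, timeout);
        }
    }
}
```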
