15,000 USDC
Submission Details
Severity: medium
Valid

Not enough check of oracle price

Summary

The `staleCheckLatestRoundData` function does not sufficiently validate the oracle price.

Vulnerability Details

When a price is fetched from a Chainlink oracle price feed, `OracleLib.staleCheckLatestRoundData` is called. Currently, this function only checks whether the price is fresh.

This check is not enough, though. The function should also check that `answer` is greater than 0 and that `roundId != 0`.

Impact

An incorrect price can be fetched.

Tools Used

VS Code

Recommendations

Add the additional checks on `answer` and `roundId`.
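
One way to implement the recommended checks, added here as an example and not the project's or the submitter's code. The `TIMEOUT` value, the form of the freshness check, the two new error names, and the `OracleLibChecked`, `MockFeed` and `PriceConsumer` names are assumptions; `latestRoundData()` is the method from Chainlink's `AggregatorV3Interface`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

// Subset of Chainlink's AggregatorV3Interface, declared inline so the file stands alone.
interface AggregatorV3Interface {
    function latestRoundData() external view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

library OracleLibChecked {
    error OracleLib__StalePrice();
    error OracleLib__InvalidRound(); // hypothetical name
    error OracleLib__InvalidPrice(); // hypothetical name
    uint256 private constant TIMEOUT = 3 hours; // assumed staleness window

    function staleCheckLatestRoundData(AggregatorV3Interface feed)
        internal view returns (uint80, int256, uint256, uint256, uint80)
    {
        (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound) =
            feed.latestRoundData();
        // Freshness check: the only validation the finding says exists today (exact form assumed).
        if (block.timestamp - updatedAt > TIMEOUT) revert OracleLib__StalePrice();
        // Added check from the finding: reject roundId == 0.
        if (roundId == 0) revert OracleLib__InvalidRound();
        // Added check from the finding: a zero answer prices the asset at nothing, and a
        // negative int256 cast to uint256 by the caller becomes a huge value.
        if (answer <= 0) revert OracleLib__InvalidPrice();
        return (roundId, answer, startedAt, updatedAt, answeredInRound);
    }
}

// Constructed mock feed for local testing; deploy with (1, 2000e8), (0, 2000e8), (1, 0) or (1, -1).
contract MockFeed is AggregatorV3Interface {
    uint80 private s_roundId;
    int256 private s_answer;
    uint256 private s_updatedAt;
    constructor(uint80 r, int256 a) { s_roundId = r; s_answer = a; s_updatedAt = block.timestamp; }

    function latestRoundData() external view returns (uint80, int256, uint256, uint256, uint80) {
        return (s_roundId, s_answer, s_updatedAt, s_updatedAt, s_roundId);
    }
}

contract PriceConsumer {
    using OracleLibChecked for AggregatorV3Interface;
    function getPrice(AggregatorV3Interface feed) external view returns (uint256) {
        (, int256 answer,,,) = feed.staleCheckLatestRoundData();
        return uint256(answer); // safe cast: answer > 0 is guaranteed by the library
    }
}
```

Calling `getPrice` with a `MockFeed` deployed as `(1, 2000e8)` returns the price; the other three constructed inputs revert with the corresponding error instead of handing a bad value to the caller.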
