Submission Details
Severity:
Need more oracle price checking
Summary
In the github links' code, the function checks if the answer is valid before returning the price data by timestamp. But there should be more checks.
Vulnerability Details
Stale data of Chainlink price feed can still be sent to the protocol in some special and extreme cases.
Impact
In some situation the price feed can be still stale even though the timestamp is alright.
Tools Used
Recommendations
Do this to make sure the returned price from Chainlink price feed is valid.
error OracleLib__StalePrice();
uint256 private constant TIMEOUT = 3 hours; // 3 * 60 * 60 = 10800 seconds
function staleCheckLatestRoundData(AggregatorV3Interface priceFeed)
public
view
returns (uint80, int256, uint256, uint256, uint80)
{
(uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound) =
priceFeed.latestRoundData();
// @audit also check 1. if the answer is more than 0, and check 2. the current roundId is more than the previous roundId.
uint256 secondsSince = block.timestamp - updatedAt;
- if (secondsSince > TIMEOUT) revert OracleLib__StalePrice();
+ if (secondsSince > TIMEOUT || answer < 0 || answeredInRound < roundId ) revert OracleLib__StalePrice();
return (roundId, answer, startedAt, updatedAt, answeredInRound);
}
Prize pool breakdown
Total prize
15,000 USDC
nSLOC
23664 USDC / LOC
14,000 USDC
1,000 USDC
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.