Submission Details
Severity: medium
Valid

Chainlink price is used without checking validity

Summary

The Meta protocol relies on a Chainlink price oracle to calculate the excess income distributed to all mUSD holders.
However, the current implementation lacks checks for the staleness of the price obtained from Chainlink.

Vulnerability Details

    (, int256 price,,,) = priceFeed.staleCheckLatestRoundData();
    // 1 ETH = $1000
    // The returned value from CL will be 1000 * 1e8
    return ((uint256(price) * ADDITIONAL_FEED_PRECISION) * amount) / PRECISION;

This omission can lead to issues if Chainlink starts a new round and struggles to reach consensus on the new value. Without proper checks, consumers of this contract may keep using outdated, stale, or incorrect data whenever the oracles are unable to submit and start a new round. Possible causes include Chainlink nodes abandoning the feed, chain congestion, or vulnerabilities in or attacks on the Chainlink system.

Additionally, it is important to check if the Arbitrum sequencer is active.
Please refer to the issue at https://github.com/sherlock-audit/2022-11-sentiment-judging/issues/3 for more information.

Impact

This vulnerability is classified as MEDIUM because it affects user assets only while the Chainlink oracle is in a degraded state.

Tools Used

Code review

Recommendations

To address this issue, it is recommended to implement checks to ensure that the price returned by Chainlink is not stale. The following code snippet can be used to validate the price obtained from Chainlink:

    (uint80 roundId, int256 rawPrice, , uint256 updateTime, uint80 answeredInRound) = priceFeed.latestRoundData();
    require(rawPrice > 0, "Chainlink price <= 0");     // reject zero or negative answers
    require(updateTime != 0, "Incomplete round");       // round has not finished yet
    require(answeredInRound >= roundId, "Stale price"); // answer was carried over from an older round
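The following contract, added here as an illustration and not part of the Meta protocol's code, combines the recommended round checks with the two pieces the snippet above omits: a heartbeat-based age check on the answer and the Arbitrum sequencer liveness check. The sequencer feed address, the heartbeat value and the grace period are constructor or constant assumptions to be set per deployment.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

import {AggregatorV3Interface} from "@chainlink/contracts/src/v0.8/interfaces/AggregatorV3Interface.sol";

/// Reads a Chainlink price only after checking sequencer liveness, a positive
/// answer, a completed round, answeredInRound >= roundId and the answer's age.
contract SafeOracleReader {
    AggregatorV3Interface public immutable priceFeed;           // e.g. ETH/USD feed
    AggregatorV3Interface public immutable sequencerUptimeFeed; // L2 sequencer uptime feed (address assumed)
    uint256 public immutable heartbeat;            // max accepted answer age, e.g. 3600s (assumption, set per feed)
    uint256 public constant GRACE_PERIOD = 3600;   // wait after the sequencer comes back up (assumption)

    error SequencerDown();
    error GracePeriodNotOver();
    error InvalidPrice();
    error IncompleteRound();
    error StalePrice();

    constructor(address _priceFeed, address _sequencerUptimeFeed, uint256 _heartbeat) {
        priceFeed = AggregatorV3Interface(_priceFeed);
        sequencerUptimeFeed = AggregatorV3Interface(_sequencerUptimeFeed);
        heartbeat = _heartbeat;
    }

    /// Sequencer uptime feed: answer == 0 means up, startedAt is when that status began.
    function _checkSequencer() internal view {
        (, int256 answer, uint256 startedAt,,) = sequencerUptimeFeed.latestRoundData();
        if (answer != 0) revert SequencerDown();
        // Right after an outage, pending L1->L2 messages can still move stale prices; wait them out.
        if (block.timestamp - startedAt <= GRACE_PERIOD) revert GracePeriodNotOver();
    }

    /// Returns the validated raw feed answer (8 decimals for ETH/USD) or reverts.
    function getValidatedPrice() public view returns (uint256) {
        _checkSequencer();
        (uint80 roundId, int256 rawPrice,, uint256 updatedAt, uint80 answeredInRound) = priceFeed.latestRoundData();
        if (rawPrice <= 0) revert InvalidPrice();                     // zero/negative answer
        if (updatedAt == 0) revert IncompleteRound();                 // round never completed
        if (answeredInRound < roundId) revert StalePrice();           // answer carried from an older round
        if (block.timestamp - updatedAt > heartbeat) revert StalePrice(); // feed stopped updating
        return uint256(rawPrice);
    }
}
```

The age check against the feed's published heartbeat is the one that catches a feed that has silently stopped updating, which the roundId comparison alone does not.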
