Submission Details
Severity: high

Time Manipulation Vulnerability in Oracle Function

Summary

The "staleCheckLatestRoundData" function is vulnerable to time manipulation, which could be exploited by malicious miners during periods of Chainlink failure or temporary network disruptions. The vulnerability arises from the direct use of "block.timestamp" to calculate the time elapsed since the last update of the price feed. By holding off blocks, miners can manipulate the "block.timestamp" value and fail the "if (secondsSince > TIMEOUT) revert OracleLib__StalePrice();" check, leading to a revert and effectively creating a denial of service.

Vulnerability Details

    function staleCheckLatestRoundData(AggregatorV3Interface priceFeed)
        public
        view
        returns (uint80, int256, uint256, uint256, uint80)
    {
        (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound) =
            priceFeed.latestRoundData();
        uint256 secondsSince = block.timestamp - updatedAt;
        if (secondsSince > TIMEOUT) revert OracleLib__StalePrice();
        return (roundId, answer, startedAt, updatedAt, answeredInRound);
    }

By holding off blocks, miners can manipulate the "block.timestamp" value and fail the "if (secondsSince > TIMEOUT) revert OracleLib__StalePrice();" check.
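
To see exactly where the check flips from accepting to reverting, the Foundry test below wraps the function above in a harness and moves "block.timestamp" across the boundary. It is an added example, not code from the submission or the audited project; "MockFeed", "OracleHarness", the 3-hour TIMEOUT, the price and the timestamps are assumptions made for illustration, and it requires forge-std.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

import {Test} from "forge-std/Test.sol";

// Minimal stand-in for the Chainlink interface the function calls.
interface AggregatorV3Interface {
    function latestRoundData() external view returns (uint80, int256, uint256, uint256, uint80);
}

// Constructed mock feed: the test sets updatedAt directly.
contract MockFeed is AggregatorV3Interface {
    uint256 public updatedAt;
    function setUpdatedAt(uint256 t) external { updatedAt = t; }
    function latestRoundData() external view returns (uint80, int256, uint256, uint256, uint80) {
        return (1, 2000e8, updatedAt, updatedAt, 1);
    }
}

contract OracleHarness {
    error OracleLib__StalePrice();
    uint256 public constant TIMEOUT = 3 hours; // assumed; the page does not state TIMEOUT

    function staleCheckLatestRoundData(AggregatorV3Interface priceFeed)
        public view returns (uint80, int256, uint256, uint256, uint80)
    {
        (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound) =
            priceFeed.latestRoundData();
        uint256 secondsSince = block.timestamp - updatedAt;
        if (secondsSince > TIMEOUT) revert OracleLib__StalePrice();
        return (roundId, answer, startedAt, updatedAt, answeredInRound);
    }
}

contract StaleCheckBoundaryTest is Test {
    MockFeed feed = new MockFeed();
    OracleHarness oracle = new OracleHarness();

    function testRevertsOnlyPastTimeout() public {
        feed.setUpdatedAt(1_700_000_000); // constructed timestamp
        // Exactly TIMEOUT seconds old: accepted, because the check is a strict ">".
        vm.warp(1_700_000_000 + oracle.TIMEOUT());
        (, int256 answer,,,) = oracle.staleCheckLatestRoundData(feed);
        assertEq(answer, int256(2000e8));
        // One second later the same call reverts, and keeps reverting until updatedAt advances.
        vm.warp(1_700_000_000 + oracle.TIMEOUT() + 1);
        vm.expectRevert(OracleHarness.OracleLib__StalePrice.selector);
        oracle.staleCheckLatestRoundData(feed);
    }
}
```

The margin before the revert is TIMEOUT minus the age of the last feed update, so the closer a feed's normal update interval is to TIMEOUT, the less timestamp drift the check tolerates.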

Impact

This leads to a revert, effectively creating a denial of service.

Tools Used

Manual review

Recommendations

To mitigate the time manipulation vulnerability and ensure the integrity of the price feed updates, we recommend adopting a more secure approach for calculating the time elapsed since the last update. One possible solution is to use a separate mechanism for tracking the time of the last price update, such as storing the "updatedAt" timestamp in a contract variable and updating it every time the price feed is updated.
