15,000 USDC
View results
Submission Details
Severity: medium
Valid

OracleLib.staleCheckLatestRoundData() will fail to revert upon stale price as TIMEOUT greater than btc/usd & eth/usd heartbeats

Summary

OracleLib.staleCheckLatestRoundData() will fail to revert upon stale price as TIMEOUT greater than btc/usd & eth/usd heartbeats.

Vulnerability Details

Oraclelib.TIMEOUT is hard-coded to 10800 seconds (3hrs) but BTC/USD & ETH/USD Chainlink price feeds (check the "Show More Details" box) have a heartbeat of 3600 seconds (1hr).

If btc/usd & eth/usd price feeds haven't been updated for >=3601 seconds the price feed must be considered stale and OracleLib.staleCheckLatestRoundData() must revert, but as the hard-coded timeout is 10800 a stale price will be considered fresh for 2 hours longer than should be the case.

Impact

Upstream code will treat stale price as fresh for up to 2 hours after the price has become stale, resulting in potential loss to users and to the protocol.

Tools Used

Manual

Recommendations

At a minimum OracleLib.TIMEOUT should be set to 3600 seconds to match BTC/USD & ETH/USD heartbeats. Ideally each Oracle feed should have its own timeout value but that is another issue.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.