15,000 USDC
Submission Details
Severity: medium
Valid

[M-01] TIMEOUT value is hardcoded

Summary

Hardcoding important values such as TIMEOUT, which decides whether a price is treated as stale, is not good practice, because it makes the code difficult to maintain and adapt.

Vulnerability Details

The TIMEOUT value is declared as a constant. If Chainlink updates this value, or you want to change it for a security reason, this will not be possible, jeopardizing the price verification and the guarantee that a stale price is not returned.

Impact

High

Tools Used

Manual code review

Recommendations

It is recommended to have a timeout state variable that can be set through a function that can only be called by the owner of the contract or whoever has the relevant special permissions.

Consider a possible timeout for each proposed pair as well.

This would give you the flexibility to adjust the timeout based on the changing needs of the DSCEngine.
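
One way to implement this recommendation, as an added example that is not code from the audited project: an owner-settable timeout with a per-feed override and hard bounds, so that a mistaken or malicious update cannot effectively switch the staleness check off. The contract name, the bounds, the default value and the function names are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Minimal Chainlink feed interface, declared inline so the example is self-contained.
interface AggregatorV3Interface {
    function latestRoundData() external view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

// Hypothetical contract: all names and numeric values below are illustrative assumptions.
contract ConfigurableStaleCheck {
    error NotOwner();
    error TimeoutOutOfBounds(uint256 timeout);
    error StalePrice(address feed, uint256 updatedAt);

    event TimeoutUpdated(address indexed feed, uint256 oldTimeout, uint256 newTimeout);

    // Assumed bounds: the setter can tune the timeout but never disable the check.
    uint256 public constant MIN_TIMEOUT = 1 minutes;
    uint256 public constant MAX_TIMEOUT = 1 days;
    uint256 public constant DEFAULT_TIMEOUT = 3 hours; // assumed default for unset feeds

    address public immutable owner;
    mapping(address => uint256) private s_timeout; // per-feed override, 0 means "use default"

    constructor() {
        owner = msg.sender;
    }

    // Owner-only setter; the event gives monitoring a record of every change.
    function setTimeout(address feed, uint256 newTimeout) external {
        if (msg.sender != owner) revert NotOwner();
        if (newTimeout < MIN_TIMEOUT || newTimeout > MAX_TIMEOUT) revert TimeoutOutOfBounds(newTimeout);
        emit TimeoutUpdated(feed, timeoutFor(feed), newTimeout);
        s_timeout[feed] = newTimeout;
    }

    function timeoutFor(address feed) public view returns (uint256) {
        uint256 t = s_timeout[feed];
        return t == 0 ? DEFAULT_TIMEOUT : t;
    }

    // Reverts instead of returning a price older than the feed's configured timeout.
    function freshPrice(AggregatorV3Interface feed) external view returns (int256 answer) {
        uint256 updatedAt;
        (, answer,, updatedAt,) = feed.latestRoundData();
        if (block.timestamp - updatedAt > timeoutFor(address(feed))) revert StalePrice(address(feed), updatedAt);
    }
}
```

Making the value mutable moves trust to the owner key, so the bounds and the `TimeoutUpdated` event are what keep a configuration change reviewable.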
