15,000 USDC
Severity: medium
Valid

Chainlink price feeds can go stale

Summary

Chainlink price feeds can go stale, so there should be a check to make sure they are not stale.

If the Chainlink feed goes stale, and the protocol is relying on it, then the protocol could be at risk.

Vulnerability Detail

Stale price check is missing

Impact

If the Chainlink feed goes stale, and the protocol is relying on it, then the protocol could be at risk.

Code Snippet

    function getUsdValue(address token, uint256 amount) public view returns (uint256) {
        AggregatorV3Interface priceFeed = AggregatorV3Interface(s_priceFeeds[token]);
        (, int256 price,,,) = priceFeed.staleCheckLatestRoundData();
        // 1 ETH = $1000
        // The returned value from CL will be 1000 * 1e8
        return ((uint256(price) * ADDITIONAL_FEED_PRECISION) * amount) / PRECISION;
    }

Tool used

Recommendation

Check the price of the Chainlink aggregator

    function getUsdValue(address token, uint256 amount) public view returns (uint256) {
        AggregatorV3Interface priceFeed = AggregatorV3Interface(s_priceFeeds[token]);
        (, int256 price,,,) = priceFeed.staleCheckLatestRoundData();
        // Check if the price retrieved is greater than zero
        require(price > 0, "Invalid price from Chainlink");
        // 1 ETH = $1000
        // The returned value from CL will be 1000 * 1e8
        return ((uint256(price) * ADDITIONAL_FEED_PRECISION) * amount) / PRECISION;
    }
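A fuller validation of the feed response, as an added example that is not part of the submission or the audited code base. It goes beyond the `price > 0` check above by also rejecting incomplete and outdated rounds using the `updatedAt` value returned by Chainlink's `latestRoundData()`. The library name `FreshPriceLib`, the function `freshPrice`, the error names and the `MAX_PRICE_AGE` value are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

// Minimal subset of Chainlink's AggregatorV3Interface, declared inline
// so that this example compiles on its own.
interface AggregatorV3Interface {
    function latestRoundData()
        external
        view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

// Hypothetical helper library: names and constants are assumptions,
// not taken from the audited project.
library FreshPriceLib {
    error FreshPriceLib__InvalidPrice(int256 answer);
    error FreshPriceLib__RoundNotComplete();
    error FreshPriceLib__StalePrice(uint256 updatedAt, uint256 maxAge);

    // Assumed value. Choose it per feed, slightly above that feed's heartbeat.
    uint256 internal constant MAX_PRICE_AGE = 3 hours;

    function freshPrice(AggregatorV3Interface feed) internal view returns (uint256) {
        (, int256 answer,, uint256 updatedAt,) = feed.latestRoundData();

        // A negative answer wraps to a huge number when cast to uint256,
        // and a zero answer would value the collateral at nothing.
        if (answer <= 0) revert FreshPriceLib__InvalidPrice(answer);

        // updatedAt == 0 means the round has not been completed.
        if (updatedAt == 0) revert FreshPriceLib__RoundNotComplete();

        // Reject timestamps from the future and answers older than the limit.
        // The first condition also keeps the subtraction from underflowing.
        if (updatedAt > block.timestamp || block.timestamp - updatedAt > MAX_PRICE_AGE) {
            revert FreshPriceLib__StalePrice(updatedAt, MAX_PRICE_AGE);
        }

        return uint256(answer);
    }
}
```

With this library in scope, `getUsdValue` would obtain its price from `FreshPriceLib.freshPrice(priceFeed)` and revert whenever the feed returns an invalid or outdated answer.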
