The staleCheckLatestRoundData()
can return stale or incorrect price data due to lacking proper validations of Chainlink's returned parameters.
The staleCheckLatestRoundData()
gets the collateral token's price data by executing the priceFeed.latestRoundData()
. Even though the function would check the received updatedAt
parameter against the TIMEOUT constant, that is still not enough to detect stale or incorrect price data.
Consider the following conditions.
If the answeredInRound
< roundId
, that indicates the returned answer
is an old/stale value.
If the answer
is less than or equal to 0, that indicates an incorrect price return.
The staleCheckLatestRoundData()
would not be able to detect the above conditions. As a result, the function will return stale or incorrect price data.
https://github.com/Cyfrin/2023-07-foundry-defi-stablecoin/blob/d1c5501aa79320ca0aeaa73f47f0dbc88c7b77e2/src/libraries/OracleLib.sol#L26-L27
The stale or incorrect price data can cause the DSC protocol's functions (e.g., mintDsc()
, burnDsc()
, redeemCollateral()
, and liquidate()
) to operate incorrectly, affecting the protocol's disruption.
Manual Review
I recommend adding the require
checks, as shown below, to detect stale or incorrect price data.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.