Submission Details
Severity:
Chainlink's `latestRoundData` might return stale or incorrect results
Summary
Can use stale prices
Vulnerability Details
OracleLib uses Chainlink’s latestRoundData, but there is no check if the return value indicates stale data.
function staleCheckLatestRoundData(AggregatorV3Interface priceFeed)
public
view
returns (uint80, int256, uint256, uint256, uint80)
{
(uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound) =
priceFeed.latestRoundData();
uint256 secondsSince = block.timestamp - updatedAt;
if (secondsSince > TIMEOUT) revert OracleLib__StalePrice();
return (roundId, answer, startedAt, updatedAt, answeredInRound);
}
It also doesn't check return value at the caller of OracleLib.staleCheckLatestRoundData function.
(, int256 price,,,) = priceFeed.staleCheckLatestRoundData();
(, int256 price,,,) = priceFeed.staleCheckLatestRoundData();
Impact
This could lead to stale prices according to the Chainlink documentation
Tools Used
vscode
Recommendations
Add checks on the return data with proper revert messages if the price is stale or the round is uncomplete.
(uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound) =
priceFeed.latestRoundData();
require(answeredInRound >= roundId, "Stale price");
require(updatedAt != 0, "Round not complete");
require(answer > 0,"Chainlink answer reporting 0");
Prize pool breakdown
Total prize
15,000 USDC
nSLOC
23664 USDC / LOC
14,000 USDC
1,000 USDC
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.