DittoETH

Ditto
DeFi, Foundry, Oracle
55,000 USDC
Submission Details
Severity: medium
Valid

Insufficient staleness validation in LibOracle's oracleCircuitBreaker function

Summary

The LibOracle.oracleCircuitBreaker function lacks validation for the heartbeat of both oracles.

Vulnerability Detail

The LibOracle.oracleCircuitBreaker function is responsible for validating both the getLatestData of the base oracle and the asset oracle. However, it currently lacks sufficient validation.

Impact

Loss of funds due to inadequate staleness checks for the asset's price.

Tool Used

Manual Review

Recommendation

Add heartbeat validation similar to that in the baseOracleCircuitBreaker function. This modification will help ensure proper validation of both oracles' heartbeats and enhance the security of the system.

bool invalidFetchData = roundId == 0 || timeStamp == 0
+ || block.timestamp > 2 hours + timeStamp
+ || block.timestamp > 2 hours + baseTimeStamp
|| timeStamp > block.timestamp || chainlinkPrice <= 0 || baseRoundId == 0
|| baseTimeStamp == 0 || baseTimeStamp > block.timestamp
|| baseChainlinkPrice <= 0;
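
Review bot: both added lines hard-code the same 2 hours window, once for timeStamp and once for baseTimeStamp. Chainlink feeds do not all share one heartbeat, so a single literal can be too loose for one feed and too strict for the other. Consider a named constant per feed (or a per-asset configured value) in place of the literal, with a comment stating which feed's heartbeat each one tracks, and add a test that passes a timestamp just past the window for each feed separately so that both new terms are exercised.
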
Updates

Lead Judging Commences

0xnevi Lead Judge
almost 2 years ago
0xnevi Lead Judge almost 2 years ago
Submission Judgement Published
Invalidated
Reason: Known issues
0xnevi Lead Judge almost 2 years ago
Submission Judgement Published
Validated
Assigned finding tags:

finding-644
