Stale prices can be used in Chainlink oracles without heartbeat checks
Summary
Chainlink data can be stale if not updated within the stipulated heartbeat. This means calls to any Chainlink oracle can produce stale data and be used to perform activities like creating shorts, asks and bids.
Vulnerability Details
Chainlink oracles define a heartbeat they use in updating prices. Prices are considered stale if they aren't updated after the heartbeat countdown elapses. The Chainlink oracle call for all oracles except the baseOracle does not have a staleness check to prevent using stale data for prices. This will allow it create asks, bids and shorts using stale and possibly inaccurate prices.
Impact
The protocol can use stale prices to perform operations like creating asks, bids, shorts and other core functionalities.
Tools Used
Vscode
Recommendations
Add a staleness check to the invalidFetchData check. The createMarket function parameters can be expanded to include a heartbeat for each new oracle added which can then be used in the invalidFetchData check.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.