Steadefi

DeFi, Hardhat, Foundry, Oracle
35,000 USDC
Submission Details
Severity: low
Valid

ChainlinkARBOracle.consult will revert when the phase id is increased for the Chainlink aggregator

Summary

ChainlinkARBOracle.consult will revert when the phase id is increased for the Chainlink aggregator, because the wrong round will be requested instead of the previous one.

Vulnerability Details

To validate the Chainlink price, ChainlinkARBOracle fetches the answer for the current and previous rounds.
To get the previous round, the roundId from the current response is used, so simply roundId - 1 is requested.

A round id in Chainlink consists of phaseId and aggregatorRoundId. When a new aggregator is used, the phaseId is increased.

So the problem occurs when a new aggregator is used and it has only the first round. Then roundId - 1 will not point to the last round of the previous aggregator but to an incorrect round. As a result, a wrong answer will be returned and the call will likely revert.
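
The round-id layout described above, as an added example that is not part of the original submission or the Steadefi code. It models the proxy encoding `(phaseId << 64) | aggregatorRoundId` with a hypothetical `MockFeed` and constructed prices, assumes aggregator rounds start at 1, and contrasts `roundId - 1` with a phase-aware lookup.

```python
# Added example: off-chain model of the Chainlink proxy round-id layout.
# MockFeed, its methods and all prices are constructed for illustration.
PHASE_OFFSET = 64  # proxy roundId = (phaseId << 64) | aggregatorRoundId

def make_round_id(phase_id, agg_round_id):
    return (phase_id << PHASE_OFFSET) | agg_round_id

def parse_round_id(round_id):
    """Split a proxy roundId into (phaseId, aggregatorRoundId)."""
    return round_id >> PHASE_OFFSET, round_id & ((1 << PHASE_OFFSET) - 1)

class MockFeed:
    """Hypothetical stand-in for a feed proxy: {phaseId: {aggRoundId: answer}}."""
    def __init__(self, phases):
        self.phases = phases

    def get_round_data(self, round_id):
        phase_id, agg_round = parse_round_id(round_id)
        try:
            return self.phases[phase_id][agg_round]
        except KeyError:
            # Stands in for the failed lookup / failed validation on-chain.
            raise LookupError("round not found")

    def last_round_of(self, phase_id):
        return max(self.phases[phase_id])

def naive_previous(round_id):
    # Behaviour described in the finding: just subtract one.
    return round_id - 1

def phase_aware_previous(feed, round_id):
    """Previous round id, stepping back into an earlier phase at a boundary."""
    phase_id, agg_round = parse_round_id(round_id)
    if agg_round > 1:
        return make_round_id(phase_id, agg_round - 1)
    # First round of a new aggregator: take the last round of the closest
    # earlier phase that has data (assumes rounds start at 1).
    for prev_phase in range(phase_id - 1, 0, -1):
        if feed.phases.get(prev_phase):
            return make_round_id(prev_phase, feed.last_round_of(prev_phase))
    raise LookupError("no earlier round exists")

# Constructed sample: phase 1 has three rounds, phase 2 has only its first.
FEED = MockFeed({1: {1: 1850_00000000, 2: 1851_00000000, 3: 1849_00000000},
                 2: {1: 1852_00000000}})
LATEST = make_round_id(2, 1)
```

A round taken from the previous phase can be much older than the current one, so any staleness check on its timestamp still applies.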

Impact

The call will revert because the price will not be validated.

Tools Used

VsCode

Recommendations

It can be a really complicated fix, where you need to parse roundId to know if the phase was changed. I am not sure it is worth it.

Updates

Lead Judging Commences

hans Lead Judge almost 2 years ago
Submission Judgement Published
Validated
Assigned finding tags:

Chainlink round id is not monotonic

Impact: HIGH Likelihood: Equal to how often the round id is not monotonic. https://docs.chain.link/data-feeds/historical-data#solidity

hans Lead Judge almost 2 years ago
Submission Judgement Published
Validated
Assigned finding tags:

Chainlink Oracle previous round id is wrong when phase increases
