Steadefi

DeFi, Hardhat, Foundry, Oracle
35,000 USDC
Submission Details
Severity: low
Valid

Chainlink answer can be negative

Summary

The answer (price) returned by a Chainlink feed is an int256 and can be negative.

Vulnerability Details

There is no check that reverts when the answer (price) from the price feed, which is returned as an int256 value, is negative.

// Arbitrum sequencer uptime feed
// The int256 _answer is destructured and consumed without any check on its sign
(
/* uint80 _roundID*/,
int256 _answer,
uint256 _startedAt,
/* uint256 _updatedAt */,
/* uint80 _answeredInRound */
) = sequencerUptimeFeed.latestRoundData();

Impact

If ignored, this can cause critical errors in the protocol through the use of faulty pricing, affecting conversions, rebalances, leverage positioning, etc. For the assets being used, negative prices should not be accepted.

Tools Used

Manual Analysis, Previous Audits, Chainlink Oracle Integration Best Practices

Recommendations

// Check that _latestAnswer (the int256 value stored in response.answer) is not negative (less than zero).

// Assumed layout of the response struct, matching the fields the check reads
struct ChainlinkResponse {
uint80 roundId;
int256 answer;
uint256 timestamp;
bool success;
}

function _badChainlinkResponse(ChainlinkResponse memory response) internal view returns (bool) {
// Check for response call reverted
if (!response.success) { return true; }
// Check for an invalid roundId that is 0
if (response.roundId == 0) { return true; }
// Check for an invalid timeStamp that is 0, or in the future
if (response.timestamp == 0 || response.timestamp > block.timestamp) { return true; }
// Check for a non-positive price: reject answer <= 0, not only answer == 0,
// so that a negative int256 cannot pass through and wrap on a later cast to uint256
if (response.answer <= 0) { return true; }
return false;
}
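The impact described above and the recommended check, as an added example that is not part of the original submission or of the Steadefi codebase. It assumes a hypothetical consumer contract (`ValidatedPriceConsumer`) with an assumed `maxStaleness` constructor parameter and a constructed `MockAggregator` for tests; the interface subset reproduces the function signatures of Chainlink's AggregatorV3Interface. `unsafePrice()` shows how a negative answer wraps on the cast to uint256, and `safePrice()` shows the validated path that rejects it.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Subset of Chainlink's AggregatorV3Interface (the real interface declares these
// same functions; only what this example uses is reproduced here).
interface AggregatorV3Interface {
    function decimals() external view returns (uint8);
    function latestRoundData()
        external
        view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

/// @notice Hypothetical price consumer (not Steadefi code). `maxStaleness` is an
/// assumed parameter: the number of seconds an answer may be old before it is rejected.
contract ValidatedPriceConsumer {
    AggregatorV3Interface public immutable feed;
    uint256 public immutable maxStaleness;

    error InvalidRound(uint80 roundId, uint80 answeredInRound);
    error StaleOrFutureTimestamp(uint256 updatedAt, uint256 blockTimestamp);
    error NonPositiveAnswer(int256 answer);

    constructor(AggregatorV3Interface _feed, uint256 _maxStaleness) {
        feed = _feed;
        maxStaleness = _maxStaleness;
    }

    /// @dev The unchecked pattern the finding describes: a negative int256 answer
    /// survives the cast to uint256 as a huge value (uint256(-1) == type(uint256).max),
    /// silently poisoning any conversion, rebalance or leverage math built on it.
    function unsafePrice() external view returns (uint256) {
        (, int256 answer, , , ) = feed.latestRoundData();
        return uint256(answer);
    }

    /// @dev Hardened read: every field of latestRoundData is validated before the
    /// answer is cast, and a non-positive answer reverts instead of wrapping.
    function safePrice() external view returns (uint256) {
        (uint80 roundId, int256 answer, , uint256 updatedAt, uint80 answeredInRound) =
            feed.latestRoundData();

        // Round 0 is never valid; an answer computed in an earlier round is stale.
        if (roundId == 0 || answeredInRound < roundId) revert InvalidRound(roundId, answeredInRound);
        // Timestamp must be set, not in the future, and not older than maxStaleness.
        // The future check runs first, so the subtraction below cannot underflow.
        if (updatedAt == 0 || updatedAt > block.timestamp || block.timestamp - updatedAt > maxStaleness) {
            revert StaleOrFutureTimestamp(updatedAt, block.timestamp);
        }
        // The core of this finding: reject answer <= 0, not merely answer == 0.
        if (answer <= 0) revert NonPositiveAnswer(answer);

        return uint256(answer); // safe: answer is strictly positive here
    }
}

/// @notice Constructed mock feed for exercising both paths in a Hardhat or Foundry
/// test; it is not a real Chainlink aggregator.
contract MockAggregator is AggregatorV3Interface {
    uint80 private _roundId;
    int256 private _answer;
    uint256 private _updatedAt;

    function setRound(uint80 roundId_, int256 answer_, uint256 updatedAt_) external {
        _roundId = roundId_;
        _answer = answer_;
        _updatedAt = updatedAt_;
    }

    function decimals() external pure returns (uint8) { return 8; }

    function latestRoundData()
        external
        view
        returns (uint80, int256, uint256, uint256, uint80)
    {
        return (_roundId, _answer, _updatedAt, _updatedAt, _roundId);
    }
}
```

In a test, deploy `MockAggregator`, call `setRound(1, -100000000, block.timestamp)` and point a `ValidatedPriceConsumer` at it: `unsafePrice()` returns `2**256 - 100000000` (a price far above anything plausible) while `safePrice()` reverts with `NonPositiveAnswer(-100000000)`. Setting the round to `(0, 1e8, block.timestamp)` or an `updatedAt` older than `maxStaleness` exercises the other two rejections.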
Updates

Lead Judging Commences

hans Lead Judge almost 2 years ago
Submission Judgement Published
Validated
Assigned finding tags:

Chainlink oracle answer can be negative

Very low likelihood -> evaluate the severity to LOW
