The response is always set to `response.success = true` even when it is not
Summary
When the protocol requests a price from Chainlink, the response.success parameters are always set to response.success = true.
Vulnerability Details
This happen in this code snippet:
https://github.com/Cyfrin/2023-10-SteadeFi/blob/main/contracts/oracles/ChainlinkARBOracle.sol#L199
As you can see, it does not go through a state validation whether the state is correct or not, it's just assigned true each time and as a consequence it never passes the check in _badChainlinkResponse() and will not throw an error when it actually no response is received.
https://github.com/Cyfrin/2023-10-SteadeFi/blob/main/contracts/oracles/ChainlinkARBOracle.sol#L113
Impact
Low, even when _badChainlinkResponse() has a good check. This is part of them and it better work properly. This adds a layer of security.
Tools Used
Manual code review
Recommendations
Apply correct verification when the response is received and must be related to the actual response.
Lead Judging Commences
INFO: Unnecessary success flag
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.