Steadefi

Steadefi
DeFiHardhatFoundryOracle
35,000 USDC
View results
Submission Details
Severity: low
Invalid

Max delay is never negative

Summary

maxDelay is never 0 inside ChainlinkARBOracle.addTokenMaxDelay

Instead it should check that maxDelay is greater than 0.

Vulnerability Details

Inside ChainlinkARBOracle, the function addTokenMaxDelay
checks that maxDelay < 0. Since maxDelay is uint256, this will never be the case.

The correct check is to check that maxDelay != 0 or if (maxDelay == 0) { revert ... }

Impact

If maxDelay is set to 0 _chainlinkIsFrozen will likely return true and halting the function consult

Tools Used

Recommendations

Check maxDelay > MIN_DELAY where MIN_DELAY is some reasonable time greater than 0, for example 10 minutes

Updates

Lead Judging Commences

hans Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

INFO: Unnecessary maxDelay/maxDeviation check

Redundant check on maxDelay and/or maxDeviation in ARBOracle

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.