Steadefi

Steadefi
DeFiHardhatFoundryOracle
35,000 USDC
View results
Submission Details
Severity: low
Invalid

Incorrect check on maxDeviation

Summary

Incorrect check on maxDeviation inside the function ChainlinkARBOracle.addTokenMaxDeviation

Vulnerability Details

The function addTokenMaxDeviation reverts if maxDeviation < 0. However since maxDeviation is uint256, it will always be non-negative.

The correct check is to check that maxDeviation is > 0.

Impact

If maxDeviation is set to 0, this can halt the function consult since the function consult reverts when the price deviates above the threshold set by maxDeviation.
maxDeviation = 0 means that the price cannot change from the previous price.

Tools Used

Recommendations

Fix the check inside addTokenMaxDeviation.
Revert if maxDeviation == 0

Updates

Lead Judging Commences

hans Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

INFO: Unnecessary maxDelay/maxDeviation check

Redundant check on maxDelay and/or maxDeviation in ARBOracle

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.