Steadefi

Impact

Stale prices that do not reflect the current market price anymore could be
used which would influence the exchange rate of the assets to ETH/USDC. This
could lead to issues with free collateral and lead to wrong
liquidations/borrows. The lastestRoundData used in the ChainlinkOracle which fetches data from the AggregatorV3Interface using the lastestRoundData.However, there are no checks on roundID nor timeStamp, resulting in stale
prices. Stale prices could put funds at risk. Freshness of the returned price
should be checked, since it affects an account’s health (and therefore
liquidations).

Tools Used

Manual review

Recommendations

(
uint80 _latestRoundId,
int256 _latestAnswer,
/* uint256 _startedAt */,
uint256 _latestTimestamp,
uint80 _answeredInRound
) = AggregatorV3Interface(_feed).latestRoundData();

_chainlinkResponse.roundId = _latestRoundId;
_chainlinkResponse.answer = _latestAnswer;
_chainlinkResponse.timestamp = _latestTimestamp;
_chainlinkResponse.success = true;

require(answer > 0, "...");
require(roundId >= _answeredInRound, "...")
require(timeStamp != 0, "...");