Steadefi

DeFi, Hardhat, Foundry, Oracle
35,000 USDC
Submission Details
Severity: low
Invalid

Execution at deadlines should be allowed

Summary

A vulnerability in the ChainlinkARBOracle contract's timestamp validation logic may lead to transaction handling issues, potentially causing unauthorized approvals or rejections.

Vulnerability Details

Located at line 117 of ChainlinkARBOracle.sol, the code if (response.timestamp == 0 || response.timestamp > block.timestamp) { return true; } fails to include an equality check with the block's timestamp, contradicting EIP-2612's recommendations on deadline handling.

Impact

This gap could lead to valid transactions at the deadline being incorrectly rejected or expired transactions being erroneously accepted.

Tools Used

Manual review

Recommendations

Revise the condition to if (response.timestamp == 0 || response.timestamp >= block.timestamp) { return true; }, enabling correct handling of deadlines. Post-update, reevaluate the contract and consider an external security audit for comprehensive assessment.

Updates

Lead Judging Commences

hans Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
