Submission Details
Severity:
Chainlink `latestRoundData` might be stale or incorrect.
Vulnerability Details
The LiquidationPool calls out to a Chainlink oracle receiving the latestRoundData(), however there is no checks that price is not stale.
(,int256 priceEurUsd,,,) = Chainlink.AggregatorV3Interface(eurUsd).latestRoundData();
https://github.com/Cyfrin/2023-12-the-standard/blob/91132936cb09ef9bf82f38ab1106346e2ad60f91/contracts/LiquidationPool.sol#L207
(,int256 assetPriceUsd,,,) = Chainlink.AggregatorV3Interface(asset.token.clAddr).latestRoundData();
https://github.com/Cyfrin/2023-12-the-standard/blob/91132936cb09ef9bf82f38ab1106346e2ad60f91/contracts/LiquidationPool.sol#L218
Impact
Stale price can result bad calculation.
Tools Used
Manual review
Recommendations
Consider to add the following checks:
function distributeAssets(ILiquidationPoolManager.Asset[] memory _assets, uint256 _collateralRate, uint256 _hundredPC) external payable {
consolidatePendingStakes();
(,int256 priceEurUsd,,uint256 updatedAt,) = Chainlink.AggregatorV3Interface(eurUsd).latestRoundData();
++ require(priceEurUsd > 0, "Chainlink price <= 0");
++ require(block.timestamp - updatedAt <= MAX_DELAY, "stale price");
...
}
Updates
Lead Judging Commences
hrishibhat over 1 year ago
Submission Judgement Published Reason: Known issue
Assigned finding tags:
Chainlink-price
Prize pool breakdown
Total prize
20,000 USDC
nSLOC
60933 USDC / LOC
17,500 USDC
2,500 USDC
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.