The project calls Chainlink's latestRoundData, but there is no check that the returned round is not stale or that the returned price is greater than 0. The raw value is then used directly in arithmetic, including as a divisor.
https://github.com/Cyfrin/2023-12-the-standard/blob/main/contracts/LiquidationPool.sol#L218
https://github.com/Cyfrin/2023-12-the-standard/blob/main/contracts/LiquidationPool.sol#L207
The lines above use Chainlink's latestRoundData without verifying that the answer is greater than zero or that the round is not stale. The value is then used as the divisor in the line below.
https://github.com/Cyfrin/2023-12-the-standard/blob/main/contracts/LiquidationPool.sol#L220
Chainlink's latestRoundData returns the most recent price reported to an oracle feed. Used without validation, it can introduce severe vulnerabilities in Solidity contracts; in particular, feeding the returned answer straight into uint arithmetic is high risk. If the feed returns a price of zero and it is used as a divisor, the division by zero reverts and the transaction fails. The answer is also an int256: a negative value cast to uint256 becomes an enormous number, and a stale answer silently prices positions at an outdated rate, which is why the zero, sign and freshness checks belong together.
Manual
Checks similar to the ones below can be incorporated.
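The following is an added illustration of the kind of validation meant here; it is not the project's LiquidationPool code nor the snippet from the original submission. The consumer contract, its MAX_STALENESS value and the mock feed are assumptions for the example; the AggregatorV3Interface signature matches Chainlink's published interface.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Minimal copy of Chainlink's AggregatorV3Interface so the example compiles without imports.
interface AggregatorV3Interface {
    function decimals() external view returns (uint8);
    function latestRoundData()
        external
        view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

// Hypothetical consumer (example only, not the project's contract).
contract SafePriceConsumer {
    error InvalidPrice(int256 answer);
    error StalePrice(uint256 updatedAt, uint256 maxStaleness);
    error IncompleteRound(uint80 roundId, uint80 answeredInRound);

    // Assumed bound; in practice set it per feed from the feed's documented heartbeat.
    uint256 public constant MAX_STALENESS = 1 hours;

    // Returns the latest price only when it is positive, recent, and from a completed round.
    function safeLatestPrice(AggregatorV3Interface feed) public view returns (uint256) {
        (uint80 roundId, int256 answer, , uint256 updatedAt, uint80 answeredInRound) = feed.latestRoundData();

        // Rejects zero (would revert on division) and negative answers (would wrap when cast to uint256).
        if (answer <= 0) revert InvalidPrice(answer);

        // Rejects rounds that were never updated, are timestamped in the future, or are older than the bound.
        if (updatedAt == 0 || updatedAt > block.timestamp || block.timestamp - updatedAt > MAX_STALENESS) {
            revert StalePrice(updatedAt, MAX_STALENESS);
        }

        // Rejects an answer carried over from an earlier round (field is marked deprecated by Chainlink
        // for newer feeds, but it is still a cheap sanity check on legacy aggregators).
        if (answeredInRound < roundId) revert IncompleteRound(roundId, answeredInRound);

        return uint256(answer);
    }

    // Converts a quote-denominated amount into asset units; the divisor is now guaranteed non-zero.
    function quoteToAsset(AggregatorV3Interface feed, uint256 quoteAmount) external view returns (uint256) {
        uint256 price = safeLatestPrice(feed);
        return quoteAmount * (10 ** feed.decimals()) / price;
    }
}

// Constructed mock feed so the checks can be exercised locally (e.g. in a Foundry or Hardhat test).
contract MockAggregator is AggregatorV3Interface {
    int256 public answer;
    uint256 public updatedAt;
    uint80 public roundId;
    uint80 public answeredInRound;

    function set(int256 _answer, uint256 _updatedAt, uint80 _roundId, uint80 _answeredInRound) external {
        answer = _answer;
        updatedAt = _updatedAt;
        roundId = _roundId;
        answeredInRound = _answeredInRound;
    }

    function decimals() external pure returns (uint8) { return 8; }

    function latestRoundData() external view returns (uint80, int256, uint256, uint256, uint80) {
        return (roundId, answer, updatedAt, updatedAt, answeredInRound);
    }
}
```

Setting the mock to an answer of 0, to an updatedAt more than MAX_STALENESS in the past, or to answeredInRound lower than roundId makes quoteToAsset revert with a descriptive custom error instead of a bare division-by-zero panic or a silently wrong conversion.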
Chainlink documentation:
https://docs.chain.link/data-feeds/price-feeds/historical-data
Similar issue:
https://github.com/sherlock-audit/2023-02-blueberry-judging/issues/94