accessing price for assets on the forex markets outside of the forex market hours.
Summary
The chainlink best practices for ETF and Forex feeds stipulates that, for assets on the Forex ( Foreign Exchange) markets, we should not use Forex feeds outside market hours for the specific currency.
Vulnerability Details
The chainlink best practices for ETF and Forex feeds stipulates that, for assets on the Forex ( Foreign Exchange) markets, we should not use Forex feeds outside market hours for the specific currency. The protocol uses the EUR/USD price feed with a market hour of forex but we can notice that, it's possible to take out new loans or repay our debt every day of the week ( Saturday included ) and these functionalities query the EUR/USD feed for the exchange rate. In other words, the protocol is clearly accessing this price feed outside the forex market hours.
Impact
The protocol is accessing the EUR/USD price feed outside the recommended market hours and there's no telling what the deviation might be between real world price and the on-chain price of this pair during such hours.
The impact depends on the usage of the price info.
when it is used as part of the collateral for lenders:
Users can get better borrows if the price is above the actual price
Users can avoid liquidations if the price is under the actual price
Tools Used
Manual review
Recommendations
query/use the EUR/USD price feed only during the recommended forex market hours.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.