The Standard

DeFi, Hardhat
20,000 USDC
Submission Details
Severity: medium
Invalid

Chainlink Stale Data

Summary

The protocol's calls to Chainlink oracles do not check for stale data, which creates a potential vulnerability to price manipulation attacks. To address this, explicit staleness checks should be added wherever a Chainlink oracle response is consumed.

Vulnerability Details

LiquidationPool.sol, lines 207 and 218:

(,int256 priceEurUsd,,,) = Chainlink.AggregatorV3Interface(eurUsd).latestRoundData();
(,int256 assetPriceUsd,,,) = Chainlink.AggregatorV3Interface(asset.token.clAddr).latestRoundData();

Impact

The absence of explicit checks for stale data in Chainlink oracle responses poses a security risk, potentially exposing the protocol to price manipulation attacks.

Tools Used

Manual review

Recommendations

Implement the following checks to mitigate the risk:

(uint80 roundID, int256 answer, , uint256 timestamp, uint80 answeredInRound) = AggregatorV3Interface(chainLinkAggregatorMap[underlying]).latestRoundData();
require(answer > 0, "Chainlink price <= 0");
require(answeredInRound >= roundID, "Stale price");
require(timestamp != 0, "Round not complete");
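
The recommended checks wrapped in one reusable helper, as an added example that is not code from the submission or from The Standard's repository. It goes beyond the recommendation by also bounding the age of the answer; the names CheckedFeed, PriceReader and MAX_AGE, the error names and the one-hour value are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4; // custom errors require 0.8.4 or later

// Minimal copy of the Chainlink feed interface so this file compiles on its own.
interface AggregatorV3Interface {
    function latestRoundData() external view returns (
        uint80 roundId, int256 answer, uint256 startedAt,
        uint256 updatedAt, uint80 answeredInRound
    );
}

// Hypothetical helper (name, errors and maxAge are assumptions, not project code).
library CheckedFeed {
    error InvalidPrice(address feed, int256 answer);
    error RoundNotComplete(address feed);
    error StaleRound(address feed, uint80 roundId, uint80 answeredInRound);
    error PriceTooOld(address feed, uint256 updatedAt, uint256 maxAge);

    /// @param feed   Chainlink aggregator, e.g. eurUsd or asset.token.clAddr
    /// @param maxAge Longest acceptable answer age in seconds, chosen per feed
    function latestPrice(address feed, uint256 maxAge) internal view returns (uint256) {
        (uint80 roundId, int256 answer, , uint256 updatedAt, uint80 answeredInRound) =
            AggregatorV3Interface(feed).latestRoundData();

        // The three checks from the recommendation above.
        if (answer <= 0) revert InvalidPrice(feed, answer);
        if (updatedAt == 0) revert RoundNotComplete(feed);
        if (answeredInRound < roundId) revert StaleRound(feed, roundId, answeredInRound);

        // Added age bound: a completed round can still be old if the feed has
        // stopped updating, so reject answers older than maxAge (or dated in the future).
        if (updatedAt > block.timestamp || block.timestamp - updatedAt > maxAge) {
            revert PriceTooOld(feed, updatedAt, maxAge);
        }
        return uint256(answer);
    }
}

// Hypothetical consumer showing the call site; MAX_AGE is a placeholder value.
contract PriceReader {
    uint256 public constant MAX_AGE = 1 hours;

    function price(address feed) external view returns (uint256) {
        return CheckedFeed.latestPrice(feed, MAX_AGE);
    }
}
```

Reverting on a bad round makes the caller fail closed instead of pricing collateral from an outdated answer.
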

Updates

Lead Judging Commences

hrishibhat Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

Chainlink-price

hrishibhat Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Known issue
Assigned finding tags:

Chainlink-price
