100,000 USDC
Submission Details
Severity: medium
Valid

Protocol is going to ingest heavily outdated data

Summary

Vulnerability Details

Take a look at https://github.com/Cyfrin/2024-02-Beanstalk-1/blob/a3658861af8f5126224718af494d02352fbb3ea5/protocol/contracts/libraries/Oracle/LibChainlinkOracle.sol#L138-L149

```solidity
function checkForInvalidTimestampOrAnswer(
    uint256 timestamp,
    int256 answer,
    uint256 currentTimestamp
) private pure returns (bool) {
    // Check for an invalid timeStamp that is 0, or in the future
    if (timestamp == 0 || timestamp > currentTimestamp) return true;
    // Check if Chainlink's price feed has timed out
    if (currentTimestamp.sub(timestamp) > CHAINLINK_TIMEOUT) return true;
    // Check for non-positive price
    if (answer <= 0) return true;
    // Falls through to the default return value (false) when every check passes
}
```

This function is called on every Chainlink price query. The issue is the stale-data check: it uses a hardcoded CHAINLINK_TIMEOUT, which is set to 4 hours, as seen here https://github.com/Cyfrin/2024-02-Beanstalk-1/blob/a3658861af8f5126224718af494d02352fbb3ea5/protocol/contracts/libraries/Oracle/LibChainlinkOracle.sol#L22. Hints in this contract indicate that it is going to be attached to the ETH/USD feed, and navigating to that feed shows that its update interval is just 1 hour, not 4. An answer can therefore be up to three hours past the feed's own update interval and still pass the check.

Impact

This causes the protocol to ingest heavily outdated/stale prices.

Tools Used

Recommendations

Reconsider the value of CHAINLINK_TIMEOUT and set it to roughly one hour, in line with the feed's update interval.
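As an added example (not Beanstalk's code), here is the same check with the timeout taken from the feed's own heartbeat rather than a single 4-hour constant. The interface name `IAggregatorV3`, the library `FeedStalenessCheck`, the 15-minute `GRACE` value and the 0.8 checked arithmetic (replacing the SafeMath `.sub` on the page) are all assumptions of this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example, not Beanstalk's code. Minimal aggregator interface; the
// latestRoundData signature matches Chainlink's public AggregatorV3Interface.
interface IAggregatorV3 {
    function latestRoundData()
        external
        view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

library FeedStalenessCheck {
    // Assumed grace period: absorbs normal update latency without letting a
    // 1-hour-heartbeat feed go 4 hours between accepted updates.
    uint256 internal constant GRACE = 15 minutes;

    // Same shape as the check on the page, but `heartbeat` is supplied per feed
    // (1 hour for ETH/USD per the report) instead of one hardcoded timeout.
    function isInvalid(
        uint256 timestamp,
        int256 answer,
        uint256 currentTimestamp,
        uint256 heartbeat
    ) internal pure returns (bool) {
        // Zero or future timestamp
        if (timestamp == 0 || timestamp > currentTimestamp) return true;
        // Stale relative to this feed's own update interval
        if (currentTimestamp - timestamp > heartbeat + GRACE) return true;
        // Non-positive price
        if (answer <= 0) return true;
        return false;
    }

    // Reads the feed and returns (price, true) only when the answer is fresh
    // for that feed; the caller decides how to handle (0, false).
    function latestValidPrice(IAggregatorV3 feed, uint256 heartbeat)
        internal
        view
        returns (int256 price, bool ok)
    {
        (, int256 answer, , uint256 updatedAt, ) = feed.latestRoundData();
        if (isInvalid(updatedAt, answer, block.timestamp, heartbeat)) return (0, false);
        return (answer, true);
    }
}
```

With the page's 4-hour constant, an ETH/USD answer whose `updatedAt` is 3 hours old passes; with `heartbeat = 1 hours` and this grace period it is rejected.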

Updates

Lead Judging Commences

giovannidisiena Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

Oracle timeout
