Zaros Part 1
Zaros
DeFiFoundry
60,000 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

min and max answers which should be accepted are not

arnie

Summary

min and max answers which should be accepted are not

Vulnerability Detail

In the getPrice function, there is a call to the aggregator to retrieve the min and max answer.

IOffchainAggregator aggregator = IOffchainAggregator(priceFeed.aggregator());
int192 minAnswer = aggregator.minAnswer();
int192 maxAnswer = aggregator.maxAnswer();

the min and max answer are the lowest and highest amounts that should be accepted.
However the if statement directly after this call incorrectly handles the case.

if (answer <= minAnswer || answer >= maxAnswer) {
revert Errors.OraclePriceFeedOutOfRange(address(priceFeed));
}

as you can see above the if statement uses <= and >= when it should actually just use < >. Because we are reverting at answers which are acceptable. the min and max are values that are still acceptable and should not be excluded.

Impact

getPrice function will revert with acceptable min and max answer.

Code Snippet

https://github.com/Cyfrin/2024-07-zaros/blob/d687fe96bb7ace8652778797052a38763fbcbb1b/src/external/chainlink/ChainlinkUtil.sol#L68

Tool used

Manual Review

Recommendation

change the <= and >= ,to < and >

Updates

Lead Judging Commences

inallhonesty Lead Judge 11 months ago
Submission Judgement Published
Invalidated
Reason: Known issue

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.