Zaros Part 1

Zaros

DeFiFoundry

60,000 USDC

View results

Previous Next

Submission Details

Severity: medium

Invalid

Off-by-One Error when validating chainlink answers would cause unnecessary reverts

forgebyola

Summary

Wrong check for chainlink answer between min and max answer would cause unnecessary DOS when chainlink returns a price at min or max.

Vulnerability Details

Zaros makes use of chainlink pricefeeds to provide reliable data on token price which is used in various parts of the system. On the return price data a validation is checked for if the answer falls within the min and max answer. If it does not fall within this range the function reverts.

try priceFeed.latestRoundData() returns (uint80, int256 answer, uint256, uint256 updatedAt, uint80) {

if (block.timestamp - updatedAt > priceFeedHeartbeatSeconds) {

revert Errors.OraclePriceFeedHeartbeat(address(priceFeed));

}

IOffchainAggregator aggregator = IOffchainAggregator(priceFeed.aggregator());

int192 minAnswer = aggregator.minAnswer();

int192 maxAnswer = aggregator.maxAnswer();

@> if (answer <= minAnswer || answer >= maxAnswer) {

revert Errors.OraclePriceFeedOutOfRange(address(priceFeed));

}

However, because of the use of <= and >=, any answer which falls on the minAnswer or maxAnswer would fail. Such answers are not actually out of range. This would cause unnecessary failure of a very crucial function in the system.

Impact

chainlinkUtils.getPrice which is very crucial to various operations such as liquidations, depositing collateral and filling orders can fail unnecessarily. This can cause other more critical issues during normal operations, to both users and the protocol.

Tools Used

Manual Review

Recommendations

Make use of < and > instead to properly check for answers falling out of range

- if (answer <= minAnswer || answer >= maxAnswer) {

+ if (answer < minAnswer || answer > maxAnswer) {

revert Errors.OraclePriceFeedOutOfRange(address(priceFeed));

}

Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago

Submission Judgement Published

Invalidated

Reason: Known issue

Prize pool breakdown

Total prize

60,000 USDC

nSLOC

2,878

21 USDC / LOC

High Medium

50,000 USDC

Low

5,500 USDC

Judges

4,500 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.