DeFiFoundry
60,000 USDC
Submission Details
Severity: medium
Valid

Insufficient validation of `startedAt` in `ChainlinkUtil.getPrice()`.

Github link

https://github.com/Cyfrin/2024-07-zaros/blob/d687fe96bb7ace8652778797052a38763fbcbb1b/src/external/chainlink/ChainlinkUtil.sol#L50

Summary

ChainlinkUtil.getPrice() does not handle the case where the sequencer uptime feed returns startedAt = 0: the grace-period check passes instead of reverting.

Vulnerability Details

According to the Chainlink docs, sequencerUptimeFeed can return 0 for startedAt when latestRoundData() is called during an "invalid round".

An "invalid round" means there was a problem updating the sequencer's status, possibly due to network issues or problems with the oracle data; it is indicated by a startedAt time of 0 together with an answer of 0.

if (address(sequencerUptimeFeed) != address(0)) {
    try sequencerUptimeFeed.latestRoundData() returns (
        uint80, int256 answer, uint256 startedAt, uint256, uint80
    ) {
        bool isSequencerUp = answer == 0;
        if (!isSequencerUp) {
            revert Errors.OracleSequencerUptimeFeedIsDown(address(sequencerUptimeFeed));
        }
        uint256 timeSinceUp = block.timestamp - startedAt; //@audit startedAt can be 0
        if (timeSinceUp <= Constants.SEQUENCER_GRACE_PERIOD_TIME) {
            revert Errors.GracePeriodNotOver();
        }
    } catch {
        revert Errors.InvalidSequencerUptimeFeedReturn();
    }
}

But getPrice() does not revert in that case: with startedAt = 0, timeSinceUp equals block.timestamp, which is far greater than SEQUENCER_GRACE_PERIOD_TIME, so the grace-period check passes and the invalid round is treated as a healthy sequencer.

Impact

ChainlinkUtil.getPrice() won't revert when the sequencer uptime feed is not updated or is called in an invalid round, so prices are served while the sequencer's status is unknown.

Tools Used

Manual Review

Recommendations

getPrice() should revert when startedAt = 0.
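As an added illustration (not the Zaros code), the following minimal library applies the recommendation: the sequencer check reverts when startedAt == 0 before computing timeSinceUp, and a mock feed shows an invalid round (answer 0, startedAt 0) being rejected. The interface, error names and the grace-period value are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumed minimal Chainlink aggregator interface (only latestRoundData is needed).
interface IAggregatorV3 {
    function latestRoundData()
        external view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

library SequencerCheck {
    uint256 internal constant SEQUENCER_GRACE_PERIOD_TIME = 3600; // assumed value, not the project's

    error SequencerUptimeFeedIsDown(address feed);
    error InvalidSequencerUptimeFeedReturn();
    error GracePeriodNotOver();

    // Reverts unless the L2 sequencer is reported up, the round is valid, and the grace period has passed.
    function requireSequencerUp(IAggregatorV3 feed) internal view {
        if (address(feed) == address(0)) return; // feed not configured (e.g. L1 deployment)
        try feed.latestRoundData() returns (uint80, int256 answer, uint256 startedAt, uint256, uint80) {
            if (answer != 0) revert SequencerUptimeFeedIsDown(address(feed)); // 1 = down
            // Invalid round: Chainlink reports startedAt == 0 when status could not be updated.
            // Without this check, block.timestamp - 0 always exceeds the grace period.
            if (startedAt == 0) revert InvalidSequencerUptimeFeedReturn();
            if (block.timestamp - startedAt <= SEQUENCER_GRACE_PERIOD_TIME) revert GracePeriodNotOver();
        } catch {
            revert InvalidSequencerUptimeFeedReturn();
        }
    }
}

// Constructed mock feed for local testing: returns whatever answer/startedAt are set.
contract MockUptimeFeed is IAggregatorV3 {
    int256 public answer;
    uint256 public startedAt;

    function set(int256 _answer, uint256 _startedAt) external {
        answer = _answer;
        startedAt = _startedAt;
    }

    function latestRoundData() external view returns (uint80, int256, uint256, uint256, uint80) {
        return (0, answer, startedAt, startedAt, 0);
    }
}

contract Consumer {
    // With feed.set(0, 0) this call reverts with InvalidSequencerUptimeFeedReturn();
    // with feed.set(0, block.timestamp - 2 days) it succeeds.
    function check(IAggregatorV3 feed) external view { SequencerCheck.requireSequencerUp(feed); }
}
```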

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

Inadequate implementation of sequencer check
