Missing expiration check in `Data Streams` report validation allows the use of expired report data
Summary
The requireDataStreamsReportIsValid function in the contract fails to check the expiresAt timestamp of the PremiumReport, potentially allowing the use of expired data.
Vulnerability Details
The vulnerability lies in the requireDataStreamsReportIsValid function in SettlementConfiguration.sol:
The function correctly checks if the streamId matches the feedId in the report and if the current block.timestamp is not later than validFromTimestamp + maxVerificationDelay.
However, it fails to check the expiresAt field of the PremiumReport.
According to chainlink docs Report Schema has a uint32 expiresAt timestamp which denotes the expiration timestamp of this report.
expiresAt uint32 The expiration date of this report
If expiresAt is less than validFromTimestamp + maxVerificationDelay, it means the report will expire before it’s considered invalid based on the maxVerificationDelay. This could lead to a situation where an expired report is still considered valid.
Impact
The Settlements in the protocol may use expired price data for critical operations, leading to incorrect pricing and unfair trades.
Tools Used
Manual Review
Recommendations
Add a check to requireDataStreamsReportIsValid:
Lead Judging Commences
There is a chance of consuming stale reports
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.