First Flight #21: KittyFi

Submission Details
Severity: medium
Valid

Chainlink's `latestRoundData` might return stale or incorrect results in `KittyVault::`

Vulnerability Details

In `KittyVault.sol`, `latestRoundData` is called, but nothing checks whether the returned values indicate stale data.

```solidity
(, int256 collateralToUsdPrice, , , ) = i_priceFeed.latestRoundData();
(, int256 euroPriceFeedAns, , , ) = i_euroPriceFeed.latestRoundData();
```

This could lead to stale prices according to the Chainlink documentation:

https://docs.chain.link/docs/historical-price-data/#historical-rounds
https://docs.chain.link/docs/faq/#how-can-i-check-if-the-answer-to-a-round-is-being-carried-over-from-a-previous-round

Tool Used

Manual

Recommendation

Consider adding missing checks for stale data.

```solidity
// Declare the return values once, then reuse them for the second feed.
(uint80 roundId, int256 rawPrice, , uint256 updateTime, uint80 answeredInRound) =
    i_euroPriceFeed.latestRoundData();
require(rawPrice > 0, "Chainlink price <= 0");
require(updateTime != 0, "Incomplete round");
require(answeredInRound >= roundId, "Stale price");

(roundId, rawPrice, , updateTime, answeredInRound) = i_priceFeed.latestRoundData();
require(rawPrice > 0, "Chainlink price <= 0");
require(updateTime != 0, "Incomplete round");
require(answeredInRound >= roundId, "Stale price");
```
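
An added example, not taken from the submission or from `KittyVault.sol`: the recommended checks wrapped in one reusable function and extended with a maximum-age bound on `updatedAt`, which the checks above do not impose. `OracleChecks`, `VaultPricingExample`, the custom errors and the `maxAge` parameters are assumptions; the interface is inlined so the file compiles on its own.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Inlined copy of the Chainlink aggregator function used on this page, so the file compiles alone.
interface AggregatorV3Interface {
    function latestRoundData() external view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

// Hypothetical helper, not part of KittyVault.sol.
library OracleChecks {
    error InvalidPrice(int256 answer);
    error IncompleteRound();
    error RoundCarriedOver(uint80 roundId, uint80 answeredInRound);
    error PriceTooOld(uint256 updatedAt, uint256 maxAge);

    /// @param maxAge Assumed per-feed age limit in seconds, set by the deployer.
    function validatedPrice(AggregatorV3Interface feed, uint256 maxAge) internal view returns (uint256) {
        (uint80 roundId, int256 answer,, uint256 updatedAt, uint80 answeredInRound) = feed.latestRoundData();
        if (answer <= 0) revert InvalidPrice(answer);
        if (updatedAt == 0) revert IncompleteRound();
        if (answeredInRound < roundId) revert RoundCarriedOver(roundId, answeredInRound);
        // The checks above still pass for an old round that was never superseded, so bound its age.
        // Checked arithmetic also reverts if updatedAt lies in the future.
        if (block.timestamp - updatedAt > maxAge) revert PriceTooOld(updatedAt, maxAge);
        return uint256(answer);
    }
}

// Hypothetical consumer that reuses the page's feed names.
contract VaultPricingExample {
    using OracleChecks for AggregatorV3Interface;

    AggregatorV3Interface private immutable i_priceFeed;
    AggregatorV3Interface private immutable i_euroPriceFeed;
    uint256 private immutable i_collateralMaxAge; // assumed parameter
    uint256 private immutable i_euroMaxAge; // assumed parameter

    constructor(address priceFeed, address euroPriceFeed, uint256 collateralMaxAge, uint256 euroMaxAge) {
        i_priceFeed = AggregatorV3Interface(priceFeed);
        i_euroPriceFeed = AggregatorV3Interface(euroPriceFeed);
        i_collateralMaxAge = collateralMaxAge;
        i_euroMaxAge = euroMaxAge;
    }

    function validatedPrices() external view returns (uint256 collateralToUsdPrice, uint256 euroPrice) {
        collateralToUsdPrice = i_priceFeed.validatedPrice(i_collateralMaxAge);
        euroPrice = i_euroPriceFeed.validatedPrice(i_euroMaxAge);
    }
}
```
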
Updates

Lead Judging Commences

shikhar229169 Lead Judge 10 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Stale Price from Chainlink Datafeed
