First Flight #21: KittyFi

Beginner Friendly, DeFi, Foundry
Submission Details
Severity: medium
Valid

Price oracle could get a stale price leading to incorrect calculation

## [M-1] Price oracle could get a stale price
## Vulnerability Details
The `KittyVault::getUserVaultMeowllateralInEuros` function does not check for a stale price using `updatedAt` and `roundId`.
Links:
https://github.com/Cyfrin/2024-08-kitty-fi/blob/950ac553b935a3bf9277b71ffa5662a84f2633fe/src/KittyVault.sol#L153
https://github.com/Cyfrin/2024-08-kitty-fi/blob/950ac553b935a3bf9277b71ffa5662a84f2633fe/src/KittyVault.sol#L155
## Impact
A stale price can cause `getUserVaultMeowllateralInEuros` to return a wrong value, causing several functions that depend on it to malfunction.
## Tools Used
Manual Review
## Recommendations
Check `answer`, `updatedAt` and `roundId` when getting the price:
```diff
- (, int256 collateralToUsdPrice, , , ) = i_priceFeed.latestRoundData();
+ (uint80 roundId, int256 collateralToUsdPrice, , uint256 updatedAt, uint80 answeredInRound) = i_priceFeed.latestRoundData();
+ require(updatedAt > 0, "Round is not complete");
+ require(answer >= 0, "Invalid feed answer");
+ require(answeredInRound >= roundID, "Stale price")
```
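Review bot: the three added `require` lines do not compile against the tuple declared above them: `answer` is never declared (the price is bound as `collateralToUsdPrice`), `roundID` does not match the declared `roundId`, and the last `require` is missing its semicolon. Rename to `collateralToUsdPrice` and `roundId` and terminate the statement. Two logic points in the same lines: `>= 0` accepts a zero price, so `> 0` is the safer bound, and `updatedAt > 0` only proves the round completed, not that it is recent; compare `block.timestamp - updatedAt` against a maximum age chosen for the feed.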
The same should be done for `i_euroPriceFeed`.
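A shared helper that reads of both `i_priceFeed` and `i_euroPriceFeed` could go through, as an added example that is not KittyFi's code or part of the original submission. The library name, error names and `maxAge` parameter are hypothetical, and the age bound goes beyond the checks listed in the recommendation.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Chainlink aggregator interface, reduced to the one call used here and
// declared inline so the example is self-contained.
interface AggregatorV3Interface {
    function latestRoundData()
        external
        view
        returns (
            uint80 roundId,
            int256 answer,
            uint256 startedAt,
            uint256 updatedAt,
            uint80 answeredInRound
        );
}

// Hypothetical helper (assumption, not KittyFi code): one validated read path for every feed.
library CheckedPriceFeed {
    error RoundNotComplete();
    error InvalidAnswer(int256 answer);
    error StaleRound(uint80 roundId, uint80 answeredInRound);
    error PriceTooOld(uint256 updatedAt, uint256 maxAge);

    /// @param feed   Price feed to read.
    /// @param maxAge Longest acceptable price age in seconds (assumed to be configured per feed).
    /// @return price The validated, strictly positive answer.
    function readPrice(AggregatorV3Interface feed, uint256 maxAge) internal view returns (uint256 price) {
        (uint80 roundId, int256 answer, , uint256 updatedAt, uint80 answeredInRound) = feed.latestRoundData();

        // updatedAt == 0 means the round has not been completed yet.
        if (updatedAt == 0) revert RoundNotComplete();
        // A zero or negative price must never reach the collateral math.
        if (answer <= 0) revert InvalidAnswer(answer);
        // The answer must belong to the current round, not be carried over from an earlier one.
        if (answeredInRound < roundId) revert StaleRound(roundId, answeredInRound);
        // A completed round can still be old if the feed stopped updating.
        // If updatedAt is in the future, the checked subtraction reverts, which fails closed.
        if (block.timestamp - updatedAt > maxAge) revert PriceTooOld(updatedAt, maxAge);

        price = uint256(answer);
    }
}
```

Inside the vault, each `latestRoundData()` call would then become `CheckedPriceFeed.readPrice(feed, maxAge)`, with `maxAge` chosen separately for each of the two feeds.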
Updates

Lead Judging Commences

shikhar229169 Lead Judge
10 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Stale Price from Chainlink Datafeed
