First Flight #21: KittyFi

Beginner Friendly, DeFi, Foundry
Submission Details
Severity: medium
Valid

Lack of price feed Validation

Summary

The getUserVaultMeowllateralInEuros function fetches prices from Chainlink oracles using the latestRoundData method but does not validate if the price feed response is within an acceptable range or if the data is stale.

Vulnerability Details

The getUserVaultMeowllateralInEuros function lacks proper validation of the price feed used to calculate the collateral value in Euros.

    function getUserVaultMeowllateralInEuros(address _user) external view returns (uint256) {
        // >> Both oracle answers below are used without any staleness or range check.
        (, int256 collateralToUsdPrice, , , ) = i_priceFeed.latestRoundData();
        (, int256 euroPriceFeedAns, , ,) = i_euroPriceFeed.latestRoundData();
        uint256 collateralAns = getUserMeowllateral(_user).mulDiv(uint256(collateralToUsdPrice) * EXTRA_DECIMALS, PRECISION);
        return collateralAns.mulDiv(uint256(euroPriceFeedAns) * EXTRA_DECIMALS, PRECISION);
    }

Impact

Lack of validation may result in incorrect collateral valuation, leading to inaccurate calculations for minting, burning, and liquidating assets. This can cause financial discrepancies and unfair liquidations.

Tools Used

Manual Review

Recommendations

Implement checks to validate the price feed responses, ensuring they are within acceptable ranges and not stale.
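
One way to implement the recommended checks, as an added example that is not part of the original submission or the KittyFi code base. The library name OracleLib, its error types, and the maxAge, minPrice and maxPrice parameters are assumptions; suitable values depend on each feed's heartbeat and on the protocol's risk tolerance.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal copy of Chainlink's AggregatorV3Interface (only the call used here).
interface AggregatorV3Interface {
    function latestRoundData()
        external
        view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

// Hypothetical helper library: names, bounds and error types are assumptions.
library OracleLib {
    error OracleLib__InvalidPrice(int256 answer);
    error OracleLib__StalePrice(uint256 updatedAt, uint256 maxAge);
    error OracleLib__PriceOutOfRange(uint256 price, uint256 minPrice, uint256 maxPrice);

    /// @param feed     Chainlink aggregator to read
    /// @param maxAge   longest acceptable time since the last update, in seconds
    ///                 (assumption: chosen per feed from its heartbeat)
    /// @param minPrice lower sanity bound, in the feed's own decimals (assumption)
    /// @param maxPrice upper sanity bound, in the feed's own decimals (assumption)
    function validatedPrice(AggregatorV3Interface feed, uint256 maxAge, uint256 minPrice, uint256 maxPrice)
        internal
        view
        returns (uint256 price)
    {
        (, int256 answer,, uint256 updatedAt,) = feed.latestRoundData();

        // A negative answer cast to uint256 becomes a huge value, and a zero
        // answer would value the collateral at nothing: reject both.
        if (answer <= 0) revert OracleLib__InvalidPrice(answer);

        // Staleness check. If updatedAt were in the future the subtraction
        // underflows and reverts, so the call still fails closed.
        if (block.timestamp - updatedAt > maxAge) revert OracleLib__StalePrice(updatedAt, maxAge);

        price = uint256(answer);

        // Range check against the protocol's own sanity band.
        if (price < minPrice || price > maxPrice) {
            revert OracleLib__PriceOutOfRange(price, minPrice, maxPrice);
        }
    }
}
```

In getUserVaultMeowllateralInEuros, each latestRoundData() call on i_priceFeed and i_euroPriceFeed would be replaced by a call to OracleLib.validatedPrice with that feed's own limits, so a bad or stale answer reverts instead of flowing into the mulDiv calculation.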

Updates

Lead Judging Commences

shikhar229169 Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

Stale Price from Chainlink Datafeed
