QuantAMM

49,600 OP

Submission Details

Severity: low

Invalid

Chainlink returned data is not checked for being stale

There is a call to the Chainlink price feed latestRoundData in the line https://github.com/Cyfrin/2024-12-quantamm/blob/a775db4273eb36e7b4536c5b60207c9f17541b92/pkg/pool-quantamm/contracts/ChainlinkOracle.sol#L29v.It can return a stale price due to Chainlink lagging in delivering actual data.

Stale prices can result in transactions being excuted at incorrect rates

We recommend adding a call to the price feed function updatedAt to check if the returned data is not stale.

Updates

n0kto Lead Judge 10 months ago

Submission Judgement Published

Invalidated

Reason: Known issue

Assigned finding tags:

LightChaser: ## [Medium-4] Insufficient oracle validation

Total prize

49,600 OP

nSLOC

3,000

17 OP / LOC

High Medium

44,640

Low

4,960

The contest is live. Earn rewards by submitting a finding.

Submissions are being carefully reviewed by our judges.

This is your time to appeal against judgements on your submissions.

Appeals are being carefully reviewed by our judges.

The contest is complete and the rewards are being distributed.

Support

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.