QuantAMM

Submission Details
Severity: low
Invalid

Susceptibility to Price Oracle Manipulation

Summary

A vulnerability in the MultiHopOracle.sol contract allows for price manipulation due to inadequate validation in the _getData() function. The function relies solely on latestRoundData() and only verifies that the price data is greater than zero and that the timestamp is fresh. This lack of robust checks opens the system to exploitation, particularly for multi-hop oracles, where manipulation of a single oracle in the chain could compromise the entire price calculation.

Vulnerability Details

The oracle system, particularly in MultiHopOracle.sol, is vulnerable to price manipulation due to a lack of proper validation of oracle data. The _getData() function only uses latestRoundData() without any validation beyond a positive-answer check and timestamp staleness:

```solidity
// priceFeed is the Chainlink AggregatorV3Interface feed; normalizationFactor scales decimals.
function _getData() internal view override returns (int216, uint40) {
    // roundId, startedAt and answeredInRound are discarded, so round completeness is never checked
    (, int data, , uint timestamp, ) = priceFeed.latestRoundData();
    require(data > 0, "INVLDDATA");
    data = data * int(10 ** normalizationFactor);
    // explicit downcast: truncates silently if the scaled value exceeds int216
    return (int216(data), uint40(timestamp));
}
```

Impact

This is particularly concerning for multi-hop oracles, where manipulation of a single oracle in the chain could affect the entire price calculation. An attacker could:

  1. Front-run transactions when they detect a price update is coming
  2. Manipulate DEX prices temporarily
  3. Cause the oracle to report manipulated prices
  4. Execute trades with the manipulated price

Chainlink documentation specifically recommends checking for: roundId > answeredInRound, lastRoundId matches roundId of price being used, and timestamp freshness.

Tools Used

Manual Review

Recommendations

To address this vulnerability, enhance the validation of oracle data by incorporating additional checks as recommended in Chainlink's documentation. Ensure that roundId > answeredInRound, verify that the lastRoundId matches the roundId of the price being used, and confirm the timestamp freshness to detect any inconsistencies or manipulations. Implement safeguards to detect and reject suspicious or anomalous data patterns, such as outlier detection or multi-source validation.
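The following is an added illustration of the recommended validation, not code from the QuantAMM repository or this submission. It keeps the shape of the original _getData() and adds the round-completeness, freshness and sanity checks described above. Note that Chainlink's documentation states the completeness condition as answeredInRound >= roundId (the answer belongs to the current round or a later one); the maxStaleness, minPrice and maxPrice parameters and the custom errors are assumptions introduced for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal copy of Chainlink's AggregatorV3Interface.latestRoundData signature.
interface AggregatorV3Interface {
    function latestRoundData()
        external
        view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

/// Hypothetical hardened oracle wrapper (example only; parameter names are assumptions).
contract HardenedChainlinkOracle {
    AggregatorV3Interface public immutable priceFeed;
    uint256 public immutable normalizationFactor; // decimal places to scale the answer by
    uint256 public immutable maxStaleness;        // seconds; set above the feed's heartbeat
    int256 public immutable minPrice;             // lower sanity bound (assumed, per deployment)
    int256 public immutable maxPrice;             // upper sanity bound (assumed, per deployment)

    error IncompleteRound(uint80 roundId, uint80 answeredInRound, uint256 updatedAt);
    error StalePrice(uint256 updatedAt, uint256 blockTimestamp);
    error InvalidPrice(int256 answer);

    constructor(
        AggregatorV3Interface feed,
        uint256 normalizationFactor_,
        uint256 maxStaleness_,
        int256 minPrice_,
        int256 maxPrice_
    ) {
        require(minPrice_ > 0 && maxPrice_ > minPrice_, "BADBOUNDS");
        priceFeed = feed;
        normalizationFactor = normalizationFactor_;
        maxStaleness = maxStaleness_;
        minPrice = minPrice_;
        maxPrice = maxPrice_;
    }

    /// Same return shape as the audited _getData(): (scaled price, timestamp).
    function _getData() internal view returns (int216, uint40) {
        (uint80 roundId, int256 answer, , uint256 updatedAt, uint80 answeredInRound) =
            priceFeed.latestRoundData();

        // 1. The round must exist and be finished; an unfinished round reports updatedAt == 0.
        if (roundId == 0 || updatedAt == 0) revert IncompleteRound(roundId, answeredInRound, updatedAt);

        // 2. The answer must come from this round or a later one (Chainlink's documented check).
        if (answeredInRound < roundId) revert IncompleteRound(roundId, answeredInRound, updatedAt);

        // 3. Freshness: reject timestamps from the future or older than the allowed window.
        if (updatedAt > block.timestamp || block.timestamp - updatedAt > maxStaleness) {
            revert StalePrice(updatedAt, block.timestamp);
        }

        // 4. Sanity band: reject non-positive answers and values outside the expected range,
        //    which is the simplest form of the outlier rejection the recommendation asks for.
        if (answer <= 0 || answer < minPrice || answer > maxPrice) revert InvalidPrice(answer);

        // 5. Scale, and make the int216 downcast explicit instead of silently truncating.
        int256 scaled = answer * int256(10 ** normalizationFactor);
        if (scaled > type(int216).max) revert InvalidPrice(scaled);

        return (int216(scaled), uint40(updatedAt));
    }

    /// Public read path for callers; reverts with a typed error on any failed check.
    function getValidatedPrice() external view returns (int216 price, uint40 updatedAt) {
        return _getData();
    }
}
```

A multi-hop oracle would apply this function to every feed in the chain and revert if any single hop fails, so that one stale or incomplete round cannot propagate into the combined price. The bounds and staleness window are per-feed configuration and should be set from the feed's published heartbeat and deviation threshold rather than hard-coded.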

Updates

Lead Judging Commences

n0kto Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Known issue
Assigned finding tags:

invalid_chainlink_staled_data_updateAt_roundId_known_issue

LightChaser: ## [Medium-4] Insufficient oracle validation
