Part 2

Zaros

PerpetualsDEXFoundrySolidity

70,000 USDC

View results

Previous Next

Submission Details

Severity: medium

Invalid

Stale Price Feed Usage in FeeConversionKeeper.sol

elit3pwner

Summary:
FeeConversionKeeper.sol relies on Chainlink price feeds without checking for staleness, risking incorrect fee conversions.

Vulnerability Details:
The contract fetches the latest price using priceFeed.latestAnswer() but does not validate the updatedAt timestamp. If the feed is outdated (e.g., due to a Chainlink heartbeat delay), the keeper could convert fees using incorrect prices, leading to under/overvalued transactions.

Code Reference:

FeeConversionKeeper.sol (Lines 60-70):

function convertFees() external {
int256 price = priceFeed.latestAnswer(); // No staleness check
// Proceeds with conversion using potentially stale price
}

Impact:
Stale prices could cause fees to be converted at unfavorable rates, resulting in financial losses for the protocol or users.

Recommendations:
Add a timestamp check to ensure the price is recent:

(, int256 price, , uint256 updatedAt, ) = priceFeed.latestRoundData();

require(block.timestamp - updatedAt <= MAX_AGE, "Stale price");

Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Prize pool breakdown

Total prize

70,000 USDC

nSLOC

3,258

21 USDC / LOC

High Medium

66,500

Low

3,500

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.