Submission Details
Impact:
Likelihood:
Missing Staleness Check
Author Revealed upon completion
Root + Impact
Description
-
Describe the normal behavior in one or more sentences
-
Explain the specific issue or problem in one or more sentences
// Description
The function does not validate whether the returned updatedAt timestamp is recent.
Chainlink feeds can become:
1 Frozen
2 Paused
3 Stale
4 Unresponsive
Without a staleness threshold, the contract may rely on outdated pricing data.
//Root Cause
@> function getRoundData(address _token)
public
view
returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound)
{
address priceFeedAddress = priceFeeds[_token];
require(priceFeedAddress != address(0), "Price feed not set for token");
AggregatorV3Interface priceFeed = AggregatorV3Interface(priceFeedAddress);
(roundId, answer, startedAt, updatedAt, answeredInRound) = priceFeed.latestRoundData();
}
Risk
While this issue does not allow direct oracle manipulation by an attacker, it amplifies the impact of oracle downtime, delayed updates, or feed degradation, making it a medium-likelihood risk in live environments—especially for lending, liquidation, or pricing-sensitive logic.
Impact:
If stale data price is used :
-
Impact 1 Liquidations may fail
-
Impact 2 Borrow limits may be miscalculated
-
Proof of Concept
Not necessary
Recommended Mitigation
- remove this code
Add this check to the affected part
+ require(updatedAt > 0, "Incomplete round");
+ require(block.timestamp - updatedAt <= MAX_DELAY, "Stale price");
Rewards breakdown
nSLOC
356This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.
Rewards Distribution
The contest is complete and the rewards are being distributed.