Stratax Contracts

First Flight #57

Beginner FriendlyDeFi

100 EXP

View all submissions

Previous Next

Submission Details

Impact: high

Likelihood: medium

Missing Staleness Check in Oracle Integration Leads to Potential Protocol Insolvency

Author Revealed upon completion

Root + Impact

Description

The StrataxOracle contract uses Chainlink's latestRoundData() but only validates that the price is positive. It fails to check the updatedAt timestamp and the answeredInRound values. This means the protocol could accept "stale" (old) prices if the oracle stops updating during market volatility.

// Root cause in the codebase with @> marks to highlight the relevant section// File: StrataxOracle.sol

// Line 64 & 94

// The code fetches price but ignores metadata (updatedAt, roundId)

(, int256 answer,,,) = priceFeed.latestRoundData();

require(answer > 0, "Invalid price from oracle");

Risk

Likelihood:

This happens during high network congestion or extreme market crashes when oracle heartbeats are missed, causing the data to lag behind the real market price.

Impact:

The protocol will allow users to borrow or trade based on outdated prices. In a market crash, this leads to bad debt as the collateral is valued higher than its actual worth, potentially bankrupting the protocol.

Proof of Concept

// Exploit Scenario:

// 1. Real market price of ETH drops from $3000 to $2000.

// 2. Chainlink update lags; latestRoundData still returns $3000.

// 3. StrataxOracle.getPrice() returns $3000 because it doesn't check 'updatedAt'.

// 4. Attacker deposits ETH and borrows assets worth $3000.

// 5. Protocol is left with collateral worth $2000 for a $3000 debt.

Recommended Mitigation

- (, int256 answer,,,) = priceFeed.latestRoundData();

+ (uint80 roundId, int256 answer,, uint256 updatedAt, uint80 answeredInRound) = priceFeed.latestRoundData();

+ require(updatedAt != 0, "Incomplete round");

+ require(answeredInRound >= roundId, "Stale price");

+ require(block.timestamp - updatedAt < 3600, "Price is too old");

Rewards breakdown

nSLOC

356

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!