This repository has been archived by the owner on Oct 1, 2023. It is now read-only.
sherlock-admin opened this issue Mar 27, 2023 · 0 comments
Labels: Duplicate (A valid issue that is a duplicate of an issue with `Has Duplicates` label), Medium (A valid Medium severity issue), Reward (A payout will be made for this issue)
Chainlink price feed is not sufficiently validated and can return stale price
Summary
The price feed from the Chainlink oracle used in the getLatestPrice function of ControllerPeggedAssetV2.sol should use the updatedAt return value from latestRoundData() to ensure the answer is recent with respect to time.
"Your application should track the latestTimestamp variable or use the updatedAt value from the latestRoundData() function to make sure that the latest answer is recent enough for your application to use it. If your application detects that the reported answer is not updated within the heartbeat or within time limits that you determine are acceptable for your application, pause operation or switch to an alternate operation mode while identifying the cause of the delay."
```solidity
function getLatestPrice(address _token) public view returns (int256) {
    // Sequencer uptime feed: only answer and startedAt are used.
    (
        /*uint80 roundId*/,
        int256 answer,
        uint256 startedAt,
        /*uint256 updatedAt*/,
        /*uint80 answeredInRound*/
    ) = sequencerUptimeFeed.latestRoundData();

    // Answer == 0: Sequencer is up
    // Answer == 1: Sequencer is down
    bool isSequencerUp = answer == 0;
    if (!isSequencerUp) {
        revert SequencerDown();
    }

    // Make sure the grace period has passed after the sequencer is back up.
    uint256 timeSinceUp = block.timestamp - startedAt;
    if (timeSinceUp <= GRACE_PERIOD_TIME) {
        revert GracePeriodNotOver();
    }

    AggregatorV3Interface priceFeed = AggregatorV3Interface(
        vaultFactory.tokenToOracle(_token)
    );
    // The price feed's updatedAt (4th return value) is discarded here,
    // so nothing below can tell how old the answer is.
    (uint80 roundID, int256 price, , , uint80 answeredInRound) = priceFeed
        .latestRoundData();
    uint256 decimals = priceFeed.decimals();

    // Normalise the answer to 18 decimals.
    if (decimals < 18) {
        decimals = 10**(18 - (decimals));
        price = price * int256(decimals);
    } else if (decimals == 18) {
        price = price;
    } else {
        decimals = 10**((decimals - 18));
        price = price / int256(decimals);
    }

    if (price <= 0) revert OraclePriceZero();
    if (answeredInRound < roundID) revert RoundIDOutdated();

    return price;
}
```
Impact
The price oracle could return a stale price, which could result in loss of funds by users.
dmitriia added Medium (A valid Medium severity issue) and Duplicate (A valid issue that is a duplicate of an issue with `Has Duplicates` label) and removed Excluded (Excluded by the judge without consulting the protocol or the senior) labels on Apr 10, 2023
kaysoft
medium
Vulnerability Detail
In the current implementation, ControllerPeggedAssetV2.sol#getLatestPrice has no validation to check if the answer is stale based on time, as recommended by Chainlink: https://docs.chain.link/data-feeds/#check-the-timestamp-of-the-latest-answer
Code Snippet
File: https://github.com/sherlock-audit/2023-03-Y2K/blob/main/Earthquake/src/v2/Controllers/ControllerPeggedAssetV2.sol#L273
Tool used
Manual Review
Recommendation
Consider validating that the price is not stale based on the updatedAt value, as recommended by Chainlink: https://docs.chain.link/data-feeds/#check-the-timestamp-of-the-latest-answer
Duplicate of #70
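The staleness check this recommendation asks for, applied to the getLatestPrice() flow quoted in the Summary above, as an added example that is not the Y2K project's own code. AggregatorV3Interface matches Chainlink's public interface; the per-feed maxAge mapping, setFeed(), the owner check, and the FeedNotConfigured / PriceStale errors are illustrative assumptions introduced here. The sequencer-uptime, positive-price and answeredInRound checks from the original are kept; what is new is that updatedAt is read and compared against a configured window instead of being discarded.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example (not the Y2K project's code): Chainlink feed read with an
// updatedAt staleness check. Names marked "assumed" are not in the original.
interface AggregatorV3Interface {
    function decimals() external view returns (uint8);
    function latestRoundData()
        external
        view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

contract StalenessCheckedOracle {
    error SequencerDown();
    error GracePeriodNotOver();
    error OraclePriceZero();
    error RoundIDOutdated();
    error FeedNotConfigured(address token);            // assumed
    error PriceStale(uint256 updatedAt, uint256 maxAge); // assumed
    error NotOwner();                                  // assumed

    uint256 public constant GRACE_PERIOD_TIME = 3600;
    address public immutable owner;
    AggregatorV3Interface public immutable sequencerUptimeFeed;

    // Assumed: price feed per token, and the maximum accepted answer age per
    // token (normally the feed's heartbeat plus a small buffer for late updates).
    mapping(address => AggregatorV3Interface) public tokenToOracle;
    mapping(address => uint256) public maxAge;

    constructor(address _sequencerUptimeFeed) {
        owner = msg.sender;
        sequencerUptimeFeed = AggregatorV3Interface(_sequencerUptimeFeed);
    }

    // Assumed admin hook so every feed carries an explicit age limit.
    function setFeed(address token, address feed, uint256 maxAgeSeconds) external {
        if (msg.sender != owner) revert NotOwner();
        require(feed != address(0) && maxAgeSeconds != 0, "bad feed config");
        tokenToOracle[token] = AggregatorV3Interface(feed);
        maxAge[token] = maxAgeSeconds;
    }

    function getLatestPrice(address _token) public view returns (int256) {
        // 1. L2 sequencer liveness and post-restart grace period (as in the original).
        (, int256 answer, uint256 startedAt, , ) = sequencerUptimeFeed.latestRoundData();
        if (answer != 0) revert SequencerDown();
        if (block.timestamp - startedAt <= GRACE_PERIOD_TIME) revert GracePeriodNotOver();

        AggregatorV3Interface priceFeed = tokenToOracle[_token];
        uint256 window = maxAge[_token];
        if (address(priceFeed) == address(0) || window == 0) revert FeedNotConfigured(_token);

        // 2. Read updatedAt instead of discarding it.
        (uint80 roundId, int256 price, , uint256 updatedAt, uint80 answeredInRound) =
            priceFeed.latestRoundData();

        if (price <= 0) revert OraclePriceZero();
        if (answeredInRound < roundId) revert RoundIDOutdated();
        // 3. The check the report recommends: updatedAt == 0 means the round never
        //    completed; otherwise the answer must be younger than the configured window.
        //    (block.timestamp - updatedAt reverts on underflow in 0.8, which also
        //    rejects a timestamp from the future.)
        if (updatedAt == 0 || block.timestamp - updatedAt > window) {
            revert PriceStale(updatedAt, window);
        }

        return _scaleTo18(price, priceFeed.decimals());
    }

    // Same normalisation as the original, without the redundant "price = price" branch.
    function _scaleTo18(int256 price, uint8 feedDecimals) internal pure returns (int256) {
        if (feedDecimals < 18) return price * int256(10 ** (18 - feedDecimals));
        if (feedDecimals > 18) return price / int256(10 ** (feedDecimals - 18));
        return price;
    }
}
```

The age window should be chosen per feed from the heartbeat published on Chainlink's feed pages (for example a few minutes of slack beyond the heartbeat), not as one global constant, since heartbeats differ between assets and networks. Chainlink's current documentation marks answeredInRound as deprecated for OCR-based feeds, so updatedAt is the check to rely on; the answeredInRound comparison is kept only because the original code already performs it.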