This repository has been archived by the owner on Oct 20, 2024. It is now read-only.

xiaoming90 - Oracle's validation checks can be further strengthened #96

Closed
github-actions bot opened this issue Apr 22, 2024 · 0 comments
Closed
Labels
Excluded Excluded by the judge without consulting the protocol or the senior Non-Reward This issue will not receive a payout

Comments


github-actions bot commented Apr 22, 2024

xiaoming90

medium

Oracle's validation checks can be further strengthened

Summary

Validation checks of the oracle can be further strengthened.

Vulnerability Detail

Following is the existing validation check in place for the returned oracle price.

https://github.com/sherlock-audit/2024-04-alchemix/blob/main/v2-foundry/src/utils/collectors/OptimismRewardCollector.sol#L78

File: OptimismRewardCollector.sol

```solidity
    function getExpectedExchange(address yieldToken) external view returns (uint256) {
        uint256 expectedExchange;
        address[] memory token = new address[](1);
        uint256 totalToSwap = TokenUtils.safeBalanceOf(rewardToken, address(this));

        // Ensure that round is complete, otherwise price is stale.
        (
            uint80 roundID,
            int256 opToUsd,
            ,
            uint256 updateTime,
            uint80 answeredInRound
        ) = IChainlinkOracle(opToUsdOracle).latestRoundData();

        require(
            opToUsd > 0,
            "Chainlink Malfunction"
        );

        if( updateTime < block.timestamp - 1200 seconds ) {
            revert("Chainlink Malfunction");
        }
        // ... remainder of the function omitted in the original excerpt
```

It was observed that the validation checks can be further strengthened. Refer to the recommendation for more details.

Impact

Oracle price returned might be incorrect under certain conditions.

Code Snippet

https://github.com/sherlock-audit/2024-04-alchemix/blob/main/v2-foundry/src/utils/collectors/OptimismRewardCollector.sol#L78

Tool used

Manual Review

Recommendation

Consider implementing the following check against the returned oracle price.

```solidity
if (
    roundID == 0 || opToUsd <= 0 || updateTime == 0 || updateTime > block.timestamp
        || updateTime < block.timestamp - 1200
) revert InvalidDataReturned();
```

The L2 Sequencer Uptime Feeds were also not utilized to check the status of the L2 sequencer in the price oracle. Consider integrating it into the oracle if necessary.

Duplicate of #14
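The recommended round checks and the L2 sequencer uptime check, combined into one reader contract as an added example (this is not code from the Alchemix repository or from the reporter). The interface, contract name, constructor, `GRACE_PERIOD` value and the sequencer feed's 0/1 status convention are assumptions taken from the standard Chainlink pattern, not from this page.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Assumed minimal Chainlink interface, matching the latestRoundData() call in the excerpt.
interface IChainlinkOracle {
    function latestRoundData()
        external
        view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

contract HardenedOracleReader {
    error InvalidDataReturned();
    error SequencerDown();
    error GracePeriodNotOver();

    uint256 public constant MAX_STALENESS = 1200; // same 20-minute window as the excerpt
    uint256 public constant GRACE_PERIOD = 3600;  // assumed grace after the sequencer comes back

    address public immutable priceFeed;           // e.g. the OP/USD feed
    address public immutable sequencerUptimeFeed; // L2 sequencer uptime feed; address(0) skips the check

    constructor(address _priceFeed, address _sequencerUptimeFeed) {
        priceFeed = _priceFeed;
        sequencerUptimeFeed = _sequencerUptimeFeed;
    }

    /// @notice Returns a validated price, reverting on every condition from the
    ///         recommendation and when the L2 sequencer is down or just restarted.
    function getValidatedPrice() external view returns (uint256) {
        if (sequencerUptimeFeed != address(0)) {
            // Sequencer feed convention (assumed): answer 0 = up, 1 = down;
            // startedAt is the timestamp of the most recent status change.
            (, int256 status, uint256 startedAt, , ) =
                IChainlinkOracle(sequencerUptimeFeed).latestRoundData();
            if (status != 0) revert SequencerDown();
            if (block.timestamp - startedAt <= GRACE_PERIOD) revert GracePeriodNotOver();
        }

        (uint80 roundId, int256 answer, , uint256 updatedAt, ) =
            IChainlinkOracle(priceFeed).latestRoundData();

        // Reject incomplete rounds, non-positive prices, zero or future timestamps, and stale data.
        if (
            roundId == 0 || answer <= 0 || updatedAt == 0 || updatedAt > block.timestamp
                || updatedAt < block.timestamp - MAX_STALENESS
        ) revert InvalidDataReturned();

        return uint256(answer);
    }
}
```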

@github-actions github-actions bot added Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label High A valid High severity issue labels Apr 22, 2024
@sherlock-admin4 sherlock-admin4 changed the title Sweet Hazel Weasel - Oracle's validation checks can be further strengthened xiaoming90 - Oracle's validation checks can be further strengthened Apr 30, 2024
@sherlock-admin4 sherlock-admin4 added the Reward A payout will be made for this issue label Apr 30, 2024
@WangSecurity WangSecurity added Excluded Excluded by the judge without consulting the protocol or the senior and removed High A valid High severity issue labels May 14, 2024
@sherlock-admin2 sherlock-admin2 added Non-Reward This issue will not receive a payout and removed Reward A payout will be made for this issue Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label labels May 14, 2024