Skip to content
This repository has been archived by the owner on May 26, 2023. It is now read-only.

8olidity - Price oracle could get a stale price #89

Closed
github-actions bot opened this issue Dec 11, 2022 · 0 comments
Closed

8olidity - Price oracle could get a stale price #89

github-actions bot opened this issue Dec 11, 2022 · 0 comments
Labels
Duplicate Medium Reward

Comments

@github-actions
Copy link

github-actions bot commented Dec 11, 2022
edited
Loading

8olidity

medium

Price oracle could get a stale price

Summary

getOraclePrice() will get signedPrice and timeStamp from Chainlink oracle. But it doesn't check round id ,leading to it may get a stale price from Chainlink oracle.

Vulnerability Detail

getOraclePrice() will get signedPrice and timeStamp from Chainlink oracle. But it doesn't check round id ,leading to it may get a stale price from Chainlink oracle.

    function getOraclePrice(IAggregatorV3 _priceFeed, int192 _maxPrice, int192 _minPrice) public view returns (uint256 ) {
        (
            /*uint80 roundID*/,
            int signedPrice,
            /*uint startedAt*/,
            uint timeStamp,
            /*uint80 answeredInRound*/
        ) = _priceFeed.latestRoundData();
        //check for Chainlink oracle deviancies, force a revert if any are present. Helps prevent a LUNA like issue
        require(signedPrice > 0, "Negative Oracle Price");
        require(timeStamp >= block.timestamp - HEARTBEAT_TIME , "Stale pricefeed");
        require(signedPrice < _maxPrice, "Upper price bound breached");
        require(signedPrice > _minPrice, "Lower price bound breached");
        uint256 price = uint256(signedPrice);
        return price;


    }

ref:https://github.com/sherlock-audit/2022-09-notional-judging/tree/7a9f89b45f7a49c21941b3eebe13251a326d75bf#issue-m-2-price-oracle-could-get-a-stale-price

Impact

Price oracle could get a stale price without checking roundId.

Code Snippet

https://github.com/sherlock-audit/2022-11-isomorph/blob/main/contracts/Velo-Deposit-Tokens/contracts/DepositReceipt_Base.sol#L164-L178

Tool used

Manual Review

Recommendation

Check  roundId when getting price

    function getOraclePrice(IAggregatorV3 _priceFeed, int192 _maxPrice, int192 _minPrice) public view returns (uint256 ) {
        (
            uint80 roundID,
            int signedPrice,
            /*uint startedAt*/,
            uint timeStamp,
            /*uint80 answeredInRound*/
        ) = _priceFeed.latestRoundData();
        //check for Chainlink oracle deviancies, force a revert if any are present. Helps prevent a LUNA like issue
        require(signedPrice > 0, "Negative Oracle Price");
        require(answeredInRound >= roundID, "Stale price");
        require(timeStamp >= block.timestamp - HEARTBEAT_TIME , "Stale pricefeed");
        require(signedPrice < _maxPrice, "Upper price bound breached");
        require(signedPrice > _minPrice, "Lower price bound breached");
        uint256 price = uint256(signedPrice);
        return price;


    }

Duplicate of #200
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
Duplicate Medium Reward
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@sherlock-admin