Dry Aqua Sheep
Medium
There is a missing check if asset price is latest or staled. The implementation only returns priceFeed of asset and only checks if sequencer is down.
Missing checks if chainlink pricefeed is staled, it only checks if price is above 0, but didn't check if the price feed has been updated.
function getThePrice(address tokenAddress) public view returns (int) {
// falta hacer un chequeo para las l2
address _priceFeed = priceFeeds[tokenAddress];
require(!isPaused, "Contract is paused");
require(_priceFeed != address(0), "Price feed not set");
AggregatorV3Interface priceFeed = AggregatorV3Interface(_priceFeed);
// if sequencer is set, check if it's up
// if it's down, revert
if (address(sequencerUptimeFeed) != address(0)) {
checkSequencer();
}
(, int price, , , ) = priceFeed.latestRoundData(); //@audit-issue
require(isFeedAvailable[_priceFeed], "Price feed not available");
require(price > 0, "Invalid price");
return price;
}No response
- Prices yet to be updated by chainlink node.
No response
Potentially causes inaccurate and unfair liquidation to borrowers.
No response
Follow Chainlink's Documentation: https://docs.chain.link/docs/historical-price-data/#historical-rounds https://docs.chain.link/docs/faq/#how-can-i-check-if-the-answer-to-a-round-is-being-carried-over-from-a-previous-round