Use of deprecated Chainlink function "latestAnswer()" #199
Labels: 2 (Med Risk) (Assets not at direct risk, but function/availability of the protocol could be impacted or leak value); bug (Something isn't working); duplicate-655; edited-by-warden; satisfactory (satisfies C4 submission criteria; eligible for awards)
Lines of code
https://github.com/code-423n4/2022-12-tigris/blob/588c84b7bb354d20cbca6034544c4faa46e6a80e/contracts/utils/TradingLibrary.sol#L113
Vulnerability details
Impact
The protocol uses Chainlink to verify price feeds. According to the documentation:
In the current implementation, the API used to check the Chainlink price feed is deprecated and can return stale prices. Therefore, a 2% price difference can occur more frequently, as oracle network prices can be ahead of the Chainlink `latestAnswer()` value. This is especially true in:
Proof of Concept
The function `verifyPrice` is used to validate the price feed during trading operations. It then validates that the price received from the oracle network is not more or less than 2% from the Chainlink price result.
`verifyPrice` in `TradingLibrary`: https://github.com/code-423n4/2022-12-tigris/blob/588c84b7bb354d20cbca6034544c4faa46e6a80e/contracts/utils/TradingLibrary.sol#L113
As you can see in the above function, `IPrice(_chainlinkFeed).latestAnswer();` is used. `latestAnswer` is deprecated by Chainlink and should not be used: https://docs.chain.link/data-feeds/price-feeds/api-reference/#latestanswer
`latestAnswer` can return stale prices, and there is no valid way to check the time of the received price. `latestRoundData` should be used instead.
Tools Used
VS Code
Recommended Mitigation Steps
Use `latestRoundData` instead of `latestAnswer`. When using `latestRoundData`, you can validate that the timestamp of the price received is recent and matches the `_validSignatureTimer` threshold you already apply to the oracle network price data. If the price is stale, either revert the transaction or skip the 2% difference check.
Additionally, round completeness should also be checked.
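The deprecated read beside the recommended `latestRoundData` read with the staleness and round-completeness checks described above, as an added example that is not part of the report or the Tigris code base. `IChainlinkAggregator` is a local stand-in for the project's `IPrice` interface (both selectors are real Chainlink aggregator functions), and `maxAge` is assumed to be whatever freshness window the caller already uses, such as `_validSignatureTimer`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Local stand-in for the project's IPrice interface (assumption). Both
// functions exist on real Chainlink aggregators; latestAnswer is deprecated.
interface IChainlinkAggregator {
    function latestAnswer() external view returns (int256);
    function latestRoundData()
        external
        view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

library ChainlinkPriceCheck {
    error InvalidPrice(int256 answer);
    error IncompleteRound(uint80 roundId, uint80 answeredInRound);
    error StalePrice(uint256 updatedAt, uint256 maxAge);

    // Before: the deprecated call. The caller learns nothing about how old the value is.
    function staleProneRead(address feed) internal view returns (uint256) {
        int256 answer = IChainlinkAggregator(feed).latestAnswer();
        return uint256(answer);
    }

    // After: latestRoundData with freshness and completeness checks.
    // maxAge is the caller's freshness window (e.g. the _validSignatureTimer threshold).
    function freshRead(address feed, uint256 maxAge) internal view returns (uint256) {
        (uint80 roundId, int256 answer, , uint256 updatedAt, uint80 answeredInRound) =
            IChainlinkAggregator(feed).latestRoundData();
        if (answer <= 0) revert InvalidPrice(answer);
        // updatedAt == 0 or answeredInRound < roundId means the round has not completed.
        if (updatedAt == 0 || answeredInRound < roundId) revert IncompleteRound(roundId, answeredInRound);
        // Reject an answer older than the allowed window instead of silently using it.
        if (block.timestamp - updatedAt > maxAge) revert StalePrice(updatedAt, maxAge);
        return uint256(answer);
    }

    // The report's 2% band: the oracle-network price must stay within +/-2% of the
    // (fresh) Chainlink price. Integer math; both prices share the same decimals.
    function within2Percent(uint256 networkPrice, uint256 chainlinkPrice) internal pure returns (bool) {
        return networkPrice <= (chainlinkPrice * 102) / 100 && networkPrice >= (chainlinkPrice * 98) / 100;
    }
}
```

A caller that prefers the report's other option, skipping the 2% comparison when the feed is stale, can wrap `freshRead` in a try/catch on an external wrapper and fall through to the oracle-network price alone.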