Chainlink Oracle priceFeed Data May Return Stale Prices #243
Labels
- 2 (Med Risk): Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
- bug: Something isn't working
- duplicate-69
- edited-by-warden
- 🤖_91_group: AI based duplicate group recommendation
- satisfactory: satisfies C4 submission criteria; eligible for awards
- sufficient quality report: This report is of sufficient quality
Lines of code
https://github.com/code-423n4/2024-05-predy/blob/main/src/PriceFeed.sol#L44-L58
Vulnerability details
Impact
The `PriceFeed` contract does not sufficiently validate the Chainlink oracle data feed for stale prices. Failing to validate the freshness of the price may result in the use of stale prices, leading to incorrect calculations wherever price matters.
Proof of Concept
In the `PriceFeed` contract, the `getSqrtPrice()` function retrieves the price of the Quote Token using Chainlink's `latestRoundData()` function without validating the freshness of the returned price. It simply takes the price from the returned data, ignoring the other returned parameters such as `updatedAt` and `roundId`. The unverified price is then used to calculate the square root price of the base token in terms of the quote token, at #L54 of the code snippet below.
The `sqrtPrice` return value is used for slippage checking in the `SlippageLib.sol#checkPrice()` function. Failing to verify the latestness of prices may result in the use of outdated prices, so slippage checks on trading results may not be performed correctly.
According to Chainlink's documentation, the `updatedAt` parameter can be used to verify whether the returned answer is fresh.
Tools Used
Manual Review
Recommended Mitigation Steps
Verify whether the returned price is fresh or stale before using it, and reject stale prices.
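As an added illustration (not Predy's `PriceFeed` code), the unchecked read described above beside a hardened read that checks the `updatedAt` and round fields returned by `latestRoundData()`; the contract name, the `maxAge` bound and the error names are assumptions:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal aggregator interface; signature matches Chainlink's AggregatorV3Interface.
interface AggregatorV3Interface {
    function latestRoundData()
        external
        view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

/// @notice Illustrative consumer (hypothetical, not the project's PriceFeed).
contract StalenessCheckedFeed {
    AggregatorV3Interface public immutable feed;
    /// @dev Assumed bound: set from the feed's documented heartbeat plus a margin
    /// (e.g. 3600 seconds for a feed with a one-hour heartbeat).
    uint256 public immutable maxAge;

    error InvalidPrice(int256 answer);
    error StalePrice(uint256 updatedAt, uint256 maxAge);
    error IncompleteRound(uint80 roundId, uint80 answeredInRound);

    constructor(address _feed, uint256 _maxAge) {
        feed = AggregatorV3Interface(_feed);
        maxAge = _maxAge;
    }

    /// @notice Unvalidated read: the pattern the finding describes.
    function getPriceUnchecked() external view returns (uint256) {
        (, int256 answer, , , ) = feed.latestRoundData();
        return uint256(answer); // no sign, freshness or round checks
    }

    /// @notice Validated read: reverts instead of silently using stale data.
    function getPriceChecked() external view returns (uint256) {
        (uint80 roundId, int256 answer, , uint256 updatedAt, uint80 answeredInRound) =
            feed.latestRoundData();
        // A non-positive answer is never a valid price.
        if (answer <= 0) revert InvalidPrice(answer);
        // Reject rounds older than the accepted age, or with no timestamp at all.
        if (updatedAt == 0 || block.timestamp - updatedAt > maxAge) revert StalePrice(updatedAt, maxAge);
        // Legacy field still returned by the interface: a round answered in an
        // earlier round than the one reported indicates an incomplete round.
        if (answeredInRound < roundId) revert IncompleteRound(roundId, answeredInRound);
        return uint256(answer);
    }
}
```

Callers such as the slippage check should consume `getPriceChecked()`, so a stale feed causes the trade to revert rather than pass a check against an outdated price.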
Assessed type
Oracle