Freshness of pricefeed not checked properly leads to the usage of stale pricefeeds. #96
Labels
2 (Med Risk): Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug: Something isn't working
downgraded by judge: Judge downgraded the risk level of this issue
duplicate-69
🤖_91_group: AI based duplicate group recommendation
satisfactory: satisfies C4 submission criteria; eligible for awards
sufficient quality report: This report is of sufficient quality
Lines of code
https://github.com/code-423n4/2024-05-predy/blob/a9246db5f874a91fb71c296aac6a66902289306a/src/PriceFeed.sol#L44C1-L58C6 #L45
Vulnerability details
Impact
Oracle data feeds can return stale pricing data for a variety of reasons (a paused aggregator, missed heartbeat, network congestion). If the returned data is stale, this code executes with prices that do not reflect current market pricing, resulting in a potential loss of funds for the user and/or the protocol.
Proof of Concept
Tools Used
Manual Review
Recommended Mitigation Steps
The contract should always check the updatedAt value returned by latestRoundData() and compare it against a staleness threshold chosen from the feed's heartbeat interval, reverting when the data is too old.
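The pattern described above, as an added example that is not part of this report or of the Predy code base: a consumer that uses the answer without looking at updatedAt, next to a hardened consumer that rejects stale or incomplete rounds. The contract names, the constructor parameters and the MockAggregator used to exercise the stale path are assumptions made for this illustration; the interface shape matches Chainlink's AggregatorV3Interface.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal copy of Chainlink's AggregatorV3Interface (only what the consumers need).
interface AggregatorV3Interface {
    function decimals() external view returns (uint8);
    function latestRoundData()
        external
        view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

/// @notice Hypothetical consumer showing the weak pattern: updatedAt is discarded,
///         so an answer that is hours old is accepted as the current price.
contract UncheckedPriceConsumer {
    AggregatorV3Interface public immutable feed;

    constructor(AggregatorV3Interface _feed) {
        feed = _feed;
    }

    function getPrice() external view returns (uint256) {
        (, int256 answer, , , ) = feed.latestRoundData();
        require(answer > 0, "invalid answer");
        return uint256(answer); // no freshness check
    }
}

/// @notice Hypothetical hardened consumer: reverts on stale or incomplete rounds.
contract CheckedPriceConsumer {
    error InvalidAnswer(int256 answer);
    error IncompleteRound(uint80 roundId, uint80 answeredInRound);
    error StalePrice(uint256 updatedAt, uint256 nowTs, uint256 threshold);

    AggregatorV3Interface public immutable feed;
    // Maximum accepted age in seconds. Set it slightly above the feed's heartbeat
    // (e.g. a 3600 s heartbeat feed gets a threshold such as 3900 s), never below it,
    // or the consumer will revert during normal operation.
    uint256 public immutable stalenessThreshold;

    constructor(AggregatorV3Interface _feed, uint256 _stalenessThreshold) {
        require(_stalenessThreshold > 0, "threshold must be > 0");
        feed = _feed;
        stalenessThreshold = _stalenessThreshold;
    }

    function getPrice() external view returns (uint256) {
        (uint80 roundId, int256 answer, , uint256 updatedAt, uint80 answeredInRound) = feed.latestRoundData();

        // Non-positive answers are never valid prices.
        if (answer <= 0) revert InvalidAnswer(answer);
        // A zero timestamp or an answer from an older round means the round is not complete.
        if (updatedAt == 0 || answeredInRound < roundId) revert IncompleteRound(roundId, answeredInRound);
        // The core check from the mitigation: reject data older than the threshold.
        if (updatedAt > block.timestamp || block.timestamp - updatedAt > stalenessThreshold) {
            revert StalePrice(updatedAt, block.timestamp, stalenessThreshold);
        }
        return uint256(answer);
    }
}

/// @notice Constructed mock so the stale path can be exercised in a local test.
contract MockAggregator is AggregatorV3Interface {
    int256 public answer;
    uint256 public updatedAt;
    uint80 public roundId;

    function set(uint80 _roundId, int256 _answer, uint256 _updatedAt) external {
        roundId = _roundId;
        answer = _answer;
        updatedAt = _updatedAt;
    }

    function decimals() external pure returns (uint8) {
        return 8;
    }

    function latestRoundData()
        external
        view
        returns (uint80, int256, uint256, uint256, uint80)
    {
        return (roundId, answer, updatedAt, updatedAt, roundId);
    }
}
```

To see the difference locally, deploy MockAggregator, call set(1, 2000e8, block.timestamp - 2 days), and then call getPrice() on both consumers: UncheckedPriceConsumer returns the two-day-old answer, while CheckedPriceConsumer (constructed with a threshold of, say, 3900 seconds) reverts with StalePrice. Reverting is the intended behaviour; the calling code must decide whether to pause the affected operation or fall back to another price source.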
Assessed type
Oracle