You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on May 26, 2023. It is now read-only.
Oracle data feed is insufficiently validated. There is no check for stale price and round completeness.
Price can be stale and can lead to wrong price return value.
Impact
Price can be stale and can lead to wrong price return value.
Code Snippet
Function _latestAnswer64x64() calls latestRoundData() to get the basePrice and underlyingPrice
minhquanym
medium
Oracle data feed is insufficiently validated.
Summary
Oracle data feed is insufficiently validated.
https://github.com/sherlock-audit/2022-09-knox/blob/main/knox-contracts/contracts/pricer/PricerInternal.sol#L49-L55
Vulnerability Detail
Oracle data feed is insufficiently validated. There is no check for stale price and round completeness.
Price can be stale and can lead to wrong
price
return value.Impact
Price can be stale and can lead to wrong
price
return value.Code Snippet
Function
_latestAnswer64x64()
callslatestRoundData()
to get thebasePrice
andunderlyingPrice
Tool used
Manual Review
Recommendation
Consider adding validation for data feed
Duplicate of #137
The text was updated successfully, but these errors were encountered: