Skip to content
This repository has been archived by the owner on May 26, 2023. It is now read-only.

ArbitraryExecution - Stale data in Oracle data feed #152

Closed
sherlock-admin opened this issue Oct 18, 2022 · 0 comments
Closed

ArbitraryExecution - Stale data in Oracle data feed #152

sherlock-admin opened this issue Oct 18, 2022 · 0 comments
Labels
Medium

Comments

@sherlock-admin
Copy link
Contributor

sherlock-admin commented Oct 18, 2022
edited
Loading

ArbitraryExecution

medium

Stale data in Oracle data feed

The _latestAnswer64x64 function in the PricerInternal contract is used to determine the current price for the underlying asset. There is however no check to ensure that the data returned is recent enough to be valid.

function _latestAnswer64x64() internal view returns (int128) {
    (, int256 basePrice, , , ) = BaseSpotOracle.latestRoundData();
    (, int256 underlyingPrice, , , ) =
        UnderlyingSpotOracle.latestRoundData();


    return ABDKMath64x64.divi(underlyingPrice, basePrice);
}

Recommendation

Use best practices to ensure that the data is valid. For example, consider checking against the updatedAt variable returned in the result data.

Duplicate of #137
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
Medium
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@sherlock-admin