This repository has been archived by the owner on May 26, 2023. It is now read-only.
ctf_sec - Lack of price freshness check in PricerInternal.sol#_latestAnswer64x64() allows a stale price or zero price to be used #19
Labels
ctf_sec
medium
Lack of price freshness check in PricerInternal.sol#_latestAnswer64x64() allows a stale price or zero price to be used
Summary
PricerInternal.sol#_latestAnswer64x64() should use the updatedAt value from the latestRoundData() function to make sure that the latest answer is recent enough to be used in function _latestAnswer64x6 in PricerInternal
Vulnerability Detail
In the current implementation of PricerInternal.sol#_latestAnswer64x64() there is no freshness check. This could lead to stale prices being used.
If the market price of the token drops very quickly ("flash crashes"), and Chainlink's feed does not get updated in time, the smart contract will continue to believe the token is worth more than the market value.
Chainlink also advise developers to check for the updatedAt before using the price:
And they have this heartbeat concept:
Source: https://docs.chain.link/docs/data-feeds/#check-the-timestamp-of-the-latest-answer
Impact
A stale price can cause the malfunction of price oracle
the function getDeltaStrikePrice64x64(), and latestAnswer64x64() can be invalid or outdated.
Thus affecting the strike price when creating or executing a option contract.
Code Snippet
https://github.com/sherlock-audit/2022-09-knox/blob/main/knox-contracts/contracts/pricer/PricerInternal.sol#L49-L55
Tool used
Manual Review
Recommendation
Consider adding the missing freshness check for stale price or zero price using round id and updatedTime
Duplicate of #137
The text was updated successfully, but these errors were encountered: