Skip to content
This repository has been archived by the owner on May 26, 2023. It is now read-only.

0xNazgul - [NAZ-M2] Lack of Price Freshness Check In _latestAnswer64x64() Allows A Stale Price To Be Used #98

Closed
sherlock-admin opened this issue Oct 18, 2022 · 0 comments
Closed

0xNazgul - [NAZ-M2] Lack of Price Freshness Check In _latestAnswer64x64() Allows A Stale Price To Be Used #98

sherlock-admin opened this issue Oct 18, 2022 · 0 comments
Labels
Medium

Comments

@sherlock-admin
Copy link
Contributor

sherlock-admin commented Oct 18, 2022
edited
Loading

0xNazgul

medium

[NAZ-M2] Lack of Price Freshness Check In _latestAnswer64x64() Allows A Stale Price To Be Used

Summary

PricerInternal.sol should use the updatedAt value from the latestRoundData() function to make sure that the latest answer is recent enough to be used.

Vulnerability Detail

This could lead to stale prices being used.

If the market price of the token drops very quickly ("flash crashes"), and Chainlink's feed does not get updated in time, the smart contract will continue to believe the token is worth more than the market value.

Chainlink also advise developers to check for the updatedAt before using the price

Impact

A stale price can cause the malfunction of multiple features across the protocol.

Code Snippet

PricerInternal.sol#L50-L52

Tool used

Manual Review

Recommendation

Consider adding the missing freshness check for stale price.

Duplicate of #137
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
Medium
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@sherlock-admin