0xbepresent
medium
Chainlink.latestRoundData() may return stale results
Summary
The Oracle.getUnderlyingPrice() function is used to get the price of tokens. The problem is that the function does not check for stale results.
Vulnerability Detail
The Oracle.getUnderlyingPrice() function is used in the InsuranceFund, MarginAccount and AMM contracts. Oracle.getUnderlyingPrice() helps to determine the prices of the tokens managed in those contracts.
The problem is that there is no check for stale data. There are some reasons that the price feed can become stale.
Impact
Since the token prices are used in many contracts, stale data could be catastrophic for the project.
Code Snippet
Oracle.getUnderlyingPrice() is used by the following contracts:
Tool used
Manual review
Recommendation
Read the updatedAt return value from the Chainlink.latestRoundData() function and verify that it is not older than a specific time tolerance.
require(block.timestamp - updatedAt < toleranceTime, "stale price");
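A fuller form of the recommended check, as an added example (not code from the audited project or from this report). It goes slightly beyond the one-line check above by also rejecting non-positive answers and unset timestamps; the contract name StalePriceGuard, the maxAge mapping and getFreshPrice are hypothetical, and the per-feed tolerance values are assumed to be chosen by the deployer.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Chainlink's standard feed interface, trimmed to the one call used here.
interface AggregatorV3Interface {
    function latestRoundData() external view returns (
        uint80 roundId, int256 answer, uint256 startedAt,
        uint256 updatedAt, uint80 answeredInRound
    );
}

// Hypothetical wrapper for illustration; not the audited Oracle contract.
contract StalePriceGuard {
    // Maximum accepted age per feed, in seconds. Assumption: the deployer sets
    // this per feed, because update intervals differ from feed to feed.
    mapping(address => uint256) public maxAge;

    error FeedNotConfigured(address feed);
    error InvalidAnswer(int256 answer);
    error TimestampNotSet();
    error StalePrice(uint256 updatedAt, uint256 tolerance);

    constructor(address[] memory feeds, uint256[] memory ages) {
        require(feeds.length == ages.length, "length mismatch");
        for (uint256 i = 0; i < feeds.length; i++) {
            maxAge[feeds[i]] = ages[i];
        }
    }

    function getFreshPrice(address feed) external view returns (int256) {
        uint256 tolerance = maxAge[feed];
        // A feed with no configured tolerance is refused rather than trusted.
        if (tolerance == 0) revert FeedNotConfigured(feed);

        (, int256 answer, , uint256 updatedAt, ) =
            AggregatorV3Interface(feed).latestRoundData();

        // A zero or negative price must never reach margin or liquidation math.
        if (answer <= 0) revert InvalidAnswer(answer);
        if (updatedAt == 0) revert TimestampNotSet();
        // Same comparison as the report's require(): the age must be below the
        // tolerance. In Solidity 0.8 the subtraction itself reverts if
        // updatedAt lies in the future.
        if (block.timestamp - updatedAt >= tolerance) {
            revert StalePrice(updatedAt, tolerance);
        }
        return answer;
    }
}
```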