Chainlink's latestRoundData might return stale or incorrect results #69
Labels: 2 (Med Risk), bug, edited-by-warden, M-04, primary issue, 🤖_91_group, satisfactory, selected for report, sponsor confirmed, sufficient quality report
Lines of code
https://github.com/code-423n4/2024-05-predy/blob/a9246db5f874a91fb71c296aac6a66902289306a/src/PriceFeed.sol#L46
Vulnerability details
Impact
In the PriceFeed contract, the protocol uses a Chainlink aggregator to fetch latestRoundData(), but there is no check whether the returned round indicates stale data. The only check present is that quoteAnswer is > 0; however, this alone is not sufficient. The protocol mentions that:

However, this stale period check is currently applied only to the Pyth integration; the Chainlink feed is not checked for stale data. This could lead to stale prices according to the Chainlink documentation:
https://docs.chain.link/docs/historical-price-data/#historical-rounds
https://docs.chain.link/docs/faq/#how-can-i-check-if-the-answer-to-a-round-is-being-carried-over-from-a-previous-round
This discrepancy could cause the protocol to produce incorrect values for very important functions in different places across the system, such as GammaTradeMarket, PositionCalculator, LiquidationLogic, etc.
Proof of Concept
https://github.com/code-423n4/2024-05-predy/blob/a9246db5f874a91fb71c296aac6a66902289306a/src/PriceFeed.sol#L46
https://github.com/code-423n4/2024-05-predy/blob/a9246db5f874a91fb71c296aac6a66902289306a/src/libraries/PositionCalculator.sol#L141
Tools Used
Manual review
Recommended Mitigation Steps
Consider adding missing checks for stale data.
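As an added illustration (not Predy's code), a minimal Solidity consumer showing the unchecked pattern the finding describes next to a version that also rejects rounds whose updatedAt is older than a maximum age and rounds where answeredInRound lags roundId. The IAggregatorV3 interface, the StaleCheckedFeed contract and the maxAge parameter are assumptions for this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Subset of Chainlink's AggregatorV3Interface needed here (assumed shape for the example).
interface IAggregatorV3 {
    function latestRoundData()
        external
        view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

/// Hypothetical consumer contract; it is not the project's PriceFeed.
contract StaleCheckedFeed {
    error InvalidAnswer();
    error StalePrice(uint256 updatedAt, uint256 nowTs);
    error IncompleteRound(uint80 roundId, uint80 answeredInRound);

    IAggregatorV3 public immutable feed;
    // Maximum accepted age of the answer, chosen slightly above the feed's
    // documented heartbeat (deployment-specific value, assumed here).
    uint256 public immutable maxAge;

    constructor(IAggregatorV3 _feed, uint256 _maxAge) {
        feed = _feed;
        maxAge = _maxAge;
    }

    /// Shape described in the finding: only the answer sign is validated,
    /// so a carried-over or stale round is silently accepted.
    function quoteUnchecked() external view returns (uint256) {
        (, int256 answer,,,) = feed.latestRoundData();
        if (answer <= 0) revert InvalidAnswer();
        return uint256(answer);
    }

    /// Hardened version: additionally rejects stale and incomplete rounds.
    function quoteChecked() external view returns (uint256) {
        (uint80 roundId, int256 answer,, uint256 updatedAt, uint80 answeredInRound) = feed.latestRoundData();
        if (answer <= 0) revert InvalidAnswer();
        // updatedAt == 0 means the round has not been completed.
        if (updatedAt == 0 || block.timestamp - updatedAt > maxAge) {
            revert StalePrice(updatedAt, block.timestamp);
        }
        // answeredInRound < roundId means the answer was carried over from an earlier round.
        if (answeredInRound < roundId) revert IncompleteRound(roundId, answeredInRound);
        return uint256(answer);
    }
}
```

Callers such as liquidation or position-valuation paths should consume quoteChecked() and decide how to behave on revert (pause, fall back to another source) rather than proceeding on a stale answer.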
Assessed type
Oracle