This repository has been archived by the owner on Dec 31, 2023. It is now read-only.

BugHunter101 - Using latestRoundData() function but does not check return's validity #53

Closed
sherlock-admin opened this issue Jun 29, 2023 · 0 comments
Labels
Excluded Excluded by the judge without consulting the protocol or the senior Non-Reward This issue will not receive a payout

Comments

@sherlock-admin
Contributor

BugHunter101

medium

Using latestRoundData() function but does not check return's validity

Summary

Using latestRoundData() function but does not check return's validity

Vulnerability Detail

As we can see, ChainLinkOraclePivot.sol is using latestRoundData, but there is no check whether the return value indicates stale data:

```solidity
function _getLatestRoundData()
    internal
    view
    returns (
        uint256 priceA,
        uint256 priceB,
        uint8 priceFeedADecimals,
        uint8 priceFeedBDecimals
    )
{
    try priceFeedA.latestRoundData() returns (
        uint80,
        int256 price,
        uint256,
        uint256 updatedAt,
        uint80
    ) {
        require(
            block.timestamp - updatedAt <= outdated, // solhint-disable-line not-rely-on-time
            "ChainLinkOracle: priceFeedA outdated."
        );

        priceA = SafeCast.toUint256(price);
    } catch {
        revert("ChainLinkOracle: price feed A call failed.");
    }

    try priceFeedB.latestRoundData() returns (//@audit-issue
        uint80,
        int256 price,
        uint256,
        uint256 updatedAt,
        uint80
    ) {
        require(
            block.timestamp - updatedAt <= outdated, // solhint-disable-line not-rely-on-time
            "ChainLinkOracle: priceFeedB outdated."
        );

        priceB = SafeCast.toUint256(price);
    } catch {
        revert("ChainLinkOracle: price feed B call failed.");
    }

    priceFeedADecimals = priceFeedA.decimals();
    priceFeedBDecimals = priceFeedB.decimals();
}
```

Impact

This could lead to stale prices according to the Chainlink documentation:
https://docs.chain.link/data-feeds/price-feeds/historical-data
Related report:
code-423n4/2021-05-fairside-findings#70

Code Snippet

https://github.com/sherlock-audit/2023-06-arrakis/blob/main/v2-manager-templates/contracts/oracles/ChainLinkOraclePivot.sol#L239

Tool used

Manual Review

Recommendation

Add the check below for the returned data. You can refer to:
sherlock-audit/2023-02-blueberry-judging#94
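For readers who want to see what a full validation of `latestRoundData()` looks like, the following is an added example written for this page; it is neither the Arrakis code nor the code from the referenced blueberry issue. The audited function already bounds the age of the answer with `block.timestamp - updatedAt <= outdated`; this helper keeps that check and adds the remaining checks on the tuple Chainlink's `AggregatorV3Interface` returns (`roundId`, `answer`, `startedAt`, `updatedAt`, `answeredInRound`). The library name `ValidatedChainlinkRead`, the function `readValidated`, the `label` parameter and the import paths are assumptions made for the example; `outdated` mirrors the bound used in ChainLinkOraclePivot.sol.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.12; // string.concat requires 0.8.12 or later

// Added example, not project code. Import paths assume the published
// @chainlink/contracts and @openzeppelin/contracts packages.
import {AggregatorV3Interface} from "@chainlink/contracts/src/v0.8/interfaces/AggregatorV3Interface.sol";
import {SafeCast} from "@openzeppelin/contracts/utils/math/SafeCast.sol";

library ValidatedChainlinkRead {
    /// @notice Reads one feed and rejects malformed or stale answers before they are used.
    /// @param feed      Chainlink aggregator to query
    /// @param outdated  maximum accepted answer age in seconds (same role as `outdated` in the audited contract)
    /// @param label     short feed name used in revert strings (hypothetical parameter)
    function readValidated(
        AggregatorV3Interface feed,
        uint256 outdated,
        string memory label
    ) internal view returns (uint256 price, uint8 feedDecimals) {
        try feed.latestRoundData() returns (
            uint80 roundId,
            int256 answer,
            uint256, /* startedAt, unused */
            uint256 updatedAt,
            uint80 answeredInRound
        ) {
            // 1. A zero or negative answer is never a usable price. SafeCast alone
            //    only rejects negatives, so zero must be caught explicitly.
            require(answer > 0, string.concat("ChainLinkOracle: ", label, " non-positive answer."));

            // 2. updatedAt == 0 means the round has not completed.
            require(updatedAt != 0, string.concat("ChainLinkOracle: ", label, " round not complete."));

            // 3. Bound the age of the answer. This is the check the audited contract already has.
            //    Checked arithmetic (0.8.x) also reverts if updatedAt lies in the future.
            require(
                block.timestamp - updatedAt <= outdated, // solhint-disable-line not-rely-on-time
                string.concat("ChainLinkOracle: ", label, " outdated.")
            );

            // 4. The answer must belong to the current round or a later one. Chainlink's
            //    documentation now marks answeredInRound as deprecated, so treat this as a
            //    backward-compatibility check rather than the primary staleness control.
            require(
                answeredInRound >= roundId,
                string.concat("ChainLinkOracle: ", label, " stale round.")
            );

            price = SafeCast.toUint256(answer);
        } catch {
            // Any revert inside the aggregator (paused feed, removed proxy, etc.) is
            // surfaced with a feed-specific message instead of an opaque failure.
            revert(string.concat("ChainLinkOracle: ", label, " call failed."));
        }

        feedDecimals = feed.decimals();
    }
}
```

A pivot oracle would call `readValidated(priceFeedA, outdated, "priceFeedA")` and `readValidated(priceFeedB, outdated, "priceFeedB")` in place of the two inline `try` blocks, so both feeds are held to the same set of checks and a change to the validation rules happens in one place.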

@github-actions github-actions bot closed this as completed Jul 3, 2023
@github-actions github-actions bot added the Excluded Excluded by the judge without consulting the protocol or the senior label Jul 3, 2023
@sherlock-admin sherlock-admin added the Non-Reward This issue will not receive a payout label Jul 14, 2023