This repository has been archived by the owner on Jan 7, 2024. It is now read-only.
sherlock-admin opened this issue
Jul 3, 2023
· 0 comments
Labels
Duplicate: A valid issue that is a duplicate of an issue with `Has Duplicates` label
Medium: A valid Medium severity issue
Reward: A payout will be made for this issue
p-tsanev
medium
Oracle.sol#getUnderlyingPrice/getLatestRoundData - no additional checks for stale return data
Summary
The Oracle.sol serves the purpose of providing accurate prices for the provided underlying assets, using the AggregatorV3's latestRoundData function if no stable price is defined for the given asset. Due to a lack of checks on the additional return data other than the price, stale data can be passed back to the other contracts.
Vulnerability Detail
In Oracle.sol's `getUnderlyingPrice(address underlying)` we check for the existence of a stable price for said asset and if it is 0, a.k.a. not initialized, then we get the data from the oracle. A check is done to confirm the returned price (`answer` in the contract) is positive, but never checks the other returned variables to confirm that the data is not stale.
Impact
This could lead to stale prices, thus disrupting calculations and leading to unexpected damage to funds inside the protocol.
Code Snippet
https://github.com/sherlock-audit/2023-04-hubble-exchange/blob/main/hubble-protocol/contracts/Oracle.sol#L107-L123
https://github.com/sherlock-audit/2023-04-hubble-exchange/blob/main/hubble-protocol/contracts/Oracle.sol#L24-L36
Tool used
Manual Review
Recommendation
There are tons of related reports mitigating this risk like:
code-423n4/2021-05-fairside-findings#70
sherlock-audit/2023-02-blueberry-judging#94
Duplicate of #18
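As an added illustration (not the Hubble Oracle.sol code the report links to), the "only check the sign of `answer`" pattern the report describes is shown beside a hardened version that validates the remaining `latestRoundData` return values; the `feeds` mapping, `MAX_STALENESS` and the function names are assumptions for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Minimal Chainlink AggregatorV3 interface (only the call used here).
interface AggregatorV3Interface {
    function latestRoundData()
        external
        view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

contract PriceFeedExample {
    // Hypothetical per-asset feed registry and staleness window (assumptions, not Hubble's layout).
    mapping(address => AggregatorV3Interface) public feeds;
    uint256 public constant MAX_STALENESS = 1 hours; // tune to the feed's heartbeat

    // Pattern the report describes: only the sign of the price is validated.
    function getPriceUnchecked(address underlying) external view returns (int256) {
        (, int256 answer, , , ) = feeds[underlying].latestRoundData();
        require(answer > 0, "negative price");
        return answer; // may be hours old or come from an incomplete round
    }

    // Hardened variant: check the other return values before trusting the answer.
    function getPriceChecked(address underlying) external view returns (int256) {
        (uint80 roundId, int256 answer, , uint256 updatedAt, uint80 answeredInRound) =
            feeds[underlying].latestRoundData();
        require(answer > 0, "negative price");
        require(updatedAt != 0, "round not complete");
        // answeredInRound is deprecated on newer feeds; the updatedAt age check is the primary guard.
        require(answeredInRound >= roundId, "stale round");
        require(block.timestamp - updatedAt <= MAX_STALENESS, "price too old");
        return answer;
    }
}
```

Callers of the hardened version must also decide what to do when the feed reverts (for example fall back to a secondary source or pause price-dependent operations) rather than silently keeping the last known value.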