This repository has been archived by the owner on Nov 12, 2023. It is now read-only.
m9800 - M-1 : chainlinkAdaptor.sol getMarkPrice() return stale or incorrect result #368
Labels
Non-Reward
This issue will not receive a payout
m9800
medium
M-1 : chainlinkAdaptor.sol getMarkPrice() return stale or incorrect result
Summary
Vulnerability Detail
Impact
The function getMarkPrice() in chainlinkAdaptor.sol is using IChainlink(chainlink).latestRoundData() but no check on roundId is performed and prices could be stale data.
Code Snippet
https://github.com/JOJOexchange/smart-contract-EVM/blob/4a95a8e9a6367ae88dc827e29467229cb5bbad4f/contracts/adaptor/chainlinkAdaptor.sol#L43
Tool used
Manual Review
Recommendation
Similar issue: sherlock-audit/2023-02-blueberry-judging#94
Duplicate of #173
The text was updated successfully, but these errors were encountered: