This repository has been archived by the owner on Nov 26, 2023. It is now read-only.

Chainlink’s latestRoundData might return stale or incorrect results #1

Open
piyushshukla599 opened this issue May 28, 2023 · 0 comments

Comments

@piyushshukla599

Summary

//(uint80 roundID, int256 price, uint256 startedAt, uint256 timeStamp, uint80 answeredInRound) = priceFeedDAIETH.latestRoundData();

Impact

On ChainlinkAdapterOracle.sol, you are using latestRoundData, but there is no check if the return value indicates stale data.

Code Snippet

function getPriceUSD() external view override returns (uint256) {
    address[] memory pools = new address[](1);
    pools[0] = 0x60594a405d53811d3BC4766596EFD80fd545A270;
    uint256 DAIWethPrice = DAIEthOracle.quoteSpecificPoolsWithTimePeriod(
        1000000000000000000, // 1 Eth
        0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2, // WETH (base token)
        0x6B175474E89094C44Da98b954EedeAC495271d0F, // DAI (quote token)
        pools, // DAI/WETH pool uni v3
        600 // period
    );

    uint256 wethPriceUSD = ethOracle.getPriceUSD();

    // chainlink price data is 8 decimals for WETH/USD, so multiply by 10 decimals to get 18 decimal fractional
    //(uint80 roundID, int256 price, uint256 startedAt, uint256 timeStamp, uint80 answeredInRound) = priceFeedDAIETH.latestRoundData();
    // only `price` is read; the round and timestamp fields are discarded, so no staleness check is possible here
    (, int256 price, , , ) = priceFeedDAIETH.latestRoundData();

    return
        (wethPriceUSD * 1e18) /
        ((DAIWethPrice + uint256(price) * 1e10) / 2);
}

}

Reference

sherlock-audit/2023-02-blueberry-judging#94

Manual Review

Recommendation

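Add this code

    //Solution
    (uint80 roundID, int256 price, , uint256 timeStamp, uint80 answeredInRound) = priceFeedDAIETH.latestRoundData();
    require(answeredInRound >= roundID, "Stale price"); // compare round IDs with each other, not with a timestamp
    require(timeStamp != 0, "Round not complete");
    require(price > 0, "Chainlink answer reporting 0");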
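
Added example (not part of the issue or of the project's code): a self-contained feed reader that applies the three checks recommended above to every `latestRoundData()` read, plus a time-based freshness window. The contract name `CheckedFeedReader`, the `maxAge` parameter and the "Price too old" message are assumptions made for illustration; `maxAge` would be chosen per feed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Subset of Chainlink's AggregatorV3Interface needed for this example.
interface AggregatorV3Interface {
    function latestRoundData()
        external
        view
        returns (
            uint80 roundId,
            int256 answer,
            uint256 startedAt,
            uint256 updatedAt,
            uint80 answeredInRound
        );
}

// Hypothetical wrapper: callers use latestPrice() instead of reading the feed directly.
contract CheckedFeedReader {
    AggregatorV3Interface public immutable feed;
    uint256 public immutable maxAge; // assumption: maximum accepted answer age, in seconds

    constructor(AggregatorV3Interface _feed, uint256 _maxAge) {
        feed = _feed;
        maxAge = _maxAge;
    }

    // Returns the latest answer, reverting if it is non-positive,
    // belongs to an incomplete round, was carried over, or is too old.
    function latestPrice() public view returns (uint256) {
        (uint80 roundId, int256 answer, , uint256 updatedAt, uint80 answeredInRound) =
            feed.latestRoundData();

        require(answer > 0, "Chainlink answer reporting 0");
        require(updatedAt != 0, "Round not complete");
        require(answeredInRound >= roundId, "Stale price");

        // Freshness window (an addition beyond the issue's three checks).
        // With 0.8 checked arithmetic, an updatedAt in the future also reverts.
        require(block.timestamp - updatedAt <= maxAge, "Price too old");

        // Safe cast: answer > 0 was enforced above.
        return uint256(answer);
    }
}
```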