This repository has been archived by the owner on Dec 17, 2023. It is now read-only.
sherlock-admin opened this issue on Jun 11, 2023 · 0 comments
Labels: Duplicate (A valid issue that is a duplicate of an issue with `Has Duplicates` label), Medium (A valid Medium severity issue), Reward (A payout will be made for this issue)
Answer of Chainlink oracle is not sufficently validated and can return invalid/stale price
Summary
Answers of the used Chainlink oracle are not sufficiently validated and can return an invalid/stale price. A stale price can lead to wrong liquidations or over-borrowing.
Vulnerability Detail
In https://github.com/sherlock-audit/2023-05-ironbank/blob/main/ib-v2/src/protocol/oracle/PriceOracle.sol#L67 the price of an asset is retrieved from the Chainlink oracle.
But the returned result is not sufficiently validated. The only check that is done is a check for an invalid price in case the returned price is <= 0:

```solidity
require(price > 0, "invalid price");
```
The correctness of the returned oracle price is important as it is used for multiple purposes:
Invalid prices in these cases will lead to wrong account liquidations and over-borrowing.
The interface of the used latestRoundData() function of the oracle (see Chainlink docs) looks as follows (parameter naming adapted to usage in the IronBank project):

```solidity
function latestRoundData()
    external
    view
    returns (
        uint80 roundId,          // The round ID.
        int256 price,            // The price.
        uint256 startedAt,       // Timestamp of when the round started.
        uint256 updatedAt,       // Timestamp of when the round was updated.
        uint80 answeredInRound   // The round ID of the round in which the answer was computed.
    );
```
The following additional checks are missing on the returned oracle data:

```solidity
uint256 maxDelayTime = maxDelay[base][quote]; // <--- the project should hold information about the individual asset heartbeats
require(maxDelayTime > 0, "no max delay set");
// the answer must come from the round that was requested, not from an earlier one
require(answeredInRound >= roundId, "Stale price");
require(startedAt != 0, "round not complete");
if (updatedAt < block.timestamp - maxDelayTime) {
    revert("stale price");
}
```
Impact
Invalid assumption about an asset price results in wrong judgement of account liquidity which leads to over-borrowing or wrong liquidations.
Code Snippet
Tool used
Manual Review
Recommendation
Follow the Chainlink recommendations in regards to validating retrieved oracle data and implement the missing checks.
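The following contract is an added example, not code from the IronBank repository or from the report author, showing the recommended checks wired into a complete, compilable price read. The contract name, the custom errors, the `owner`/`setMaxDelay` admin path and the choice to key the heartbeat by feed address (the report keys it by `[base][quote]`) are all assumptions made for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Subset of Chainlink's AggregatorV3Interface; the function signatures match the real interface.
interface AggregatorV3Interface {
    function decimals() external view returns (uint8);
    function latestRoundData()
        external
        view
        returns (
            uint80 roundId,
            int256 answer,
            uint256 startedAt,
            uint256 updatedAt,
            uint80 answeredInRound
        );
}

// Hypothetical reader contract (example only, not the project's PriceOracle).
contract ValidatedChainlinkReader {
    error NotOwner();
    error NoHeartbeatConfigured(address feed);
    error InvalidPrice(int256 answer);
    error IncompleteRound(uint80 roundId);
    error StaleRound(uint80 roundId, uint80 answeredInRound);
    error StalePrice(uint256 updatedAt, uint256 maxDelay);

    address public immutable owner;

    // Maximum accepted age of an answer, per feed (assumed layout): the feed's
    // heartbeat plus a small tolerance, configured by the owner at deploy time.
    mapping(address => uint256) public maxDelay;

    constructor() {
        owner = msg.sender;
    }

    function setMaxDelay(address feed, uint256 delaySeconds) external {
        if (msg.sender != owner) revert NotOwner();
        maxDelay[feed] = delaySeconds;
    }

    // Returns the validated answer and the feed's decimals, reverting on every
    // condition the report lists instead of silently using a bad value.
    function getValidatedPrice(address feed) public view returns (uint256 price, uint8 decimals) {
        uint256 delay = maxDelay[feed];
        if (delay == 0) revert NoHeartbeatConfigured(feed);

        AggregatorV3Interface aggregator = AggregatorV3Interface(feed);
        (
            uint80 roundId,
            int256 answer,
            uint256 startedAt,
            uint256 updatedAt,
            uint80 answeredInRound
        ) = aggregator.latestRoundData();

        // The only check the report found in the project: reject zero/negative answers.
        if (answer <= 0) revert InvalidPrice(answer);
        // A round that never started carries no usable answer.
        if (startedAt == 0) revert IncompleteRound(roundId);
        // The answer must belong to the requested round, not be carried over from an older one.
        if (answeredInRound < roundId) revert StaleRound(roundId, answeredInRound);
        // Heartbeat check: written as an addition to avoid underflow if updatedAt is in the future.
        if (updatedAt == 0 || block.timestamp > updatedAt + delay) revert StalePrice(updatedAt, delay);

        return (uint256(answer), aggregator.decimals());
    }
}
```

The `maxDelay` value has to be set per feed from that feed's documented heartbeat; a single global timeout is either too loose for fast feeds or causes spurious reverts on slow ones. Chainlink's current documentation marks `answeredInRound` as deprecated, so confirm that the specific feed you integrate still populates it before relying on that check; the `updatedAt` heartbeat check is the one that catches a stalled feed regardless.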
sherlock-admin added the Medium (A valid Medium severity issue), Duplicate (A valid issue that is a duplicate of an issue with `Has Duplicates` label) and Reward (A payout will be made for this issue) labels and removed the Non-Reward (This issue will not receive a payout) label on Jul 19, 2023.
Reported by berlin-101 (severity: medium)
Duplicate of #9