Skip to content
This repository has been archived by the owner on Dec 17, 2023. It is now read-only.

HexHackers - Possible stale price values from Chainlink oracle #84

Closed
sherlock-admin opened this issue Jun 11, 2023 · 0 comments
Closed

HexHackers - Possible stale price values from Chainlink oracle #84

sherlock-admin opened this issue Jun 11, 2023 · 0 comments
Labels
Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label Medium A valid Medium severity issue Reward A payout will be made for this issue

Comments

@sherlock-admin
Copy link
Contributor

sherlock-admin commented Jun 11, 2023
edited by github-actions bot
Loading

HexHackers

medium

Possible stale price values from Chainlink oracle

Summary

No check for round completeness could lead to stale prices and wrong price return value, or outdated prices.

The functions that rely on accurate price feed might not work as expected, which sometimes can lead to fund loss.

Vulnerability Detail

The function getPriceFromChainlink in PriceOracle.sol does not check for round completeness.

function getPriceFromChainlink(address base, address quote) internal view returns (uint256) {
        (, int256 price,,,) = registry.latestRoundData(base, quote);
        require(price > 0, "invalid price");

        // Extend the decimals to 1e18.
        return uint256(price) * 10 ** (18 - uint256(registry.decimals(base, quote)));
    }

When getting latestRoundData, the only variable checked is the price.
However, according to Chainlink docs, answeredInRound should be checked to be == roundId

Impact

latestRoundData() might return stale results leading to wrong prices and potential loss of funds.

Code Snippet

https://github.com/sherlock-audit/2023-05-ironbank/blob/9ebf1702b2163b55479624794ab7999392367d2a/ib-v2/src/protocol/oracle/PriceOracle.sol#L66

Tool used

Manual Review

Recommendation

Add the check:

        require(answeredInRound == roundID, "Stale price");

Duplicate of #9
@github-actions github-actions bot added Medium A valid Medium severity issue Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label labels Jun 19, 2023
@sherlock-admin sherlock-admin added Non-Reward This issue will not receive a payout and removed Medium A valid Medium severity issue Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label labels Jun 25, 2023
@sherlock-admin sherlock-admin added Medium A valid Medium severity issue Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label Reward A payout will be made for this issue and removed Non-Reward This issue will not receive a payout labels Jul 19, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label Medium A valid Medium severity issue Reward A payout will be made for this issue
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@sherlock-admin