This repository has been archived by the owner on Dec 17, 2023. It is now read-only.
mstpr-brainbot - Chainlink price "answer" is not validated #62
Labels
Excluded
Excluded by the judge without consulting the protocol or the senior
Non-Reward
This issue will not receive a payout
Comments
github-actions
bot
added
the
Excluded
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
mstpr-brainbot
medium
Chainlink price "answer" is not validated
Summary
Currently, the oracle contracts do not validate the "answer" parameters returned by Chainlink that provide the price data. In scenarios where the price returned is 0, which is highly unusual and indicative of a problem, the contract should disregard such an answer.
Vulnerability Detail
The "answer" parameters returned by Chainlink, which provide the price data, are not currently verified within the oracle contracts. If the price returned is 0 - a highly unlikely situation that typically suggests an issue - the contract should be set to ignore such an answer from the price feed.
Impact
Code Snippet
https://github.com/sherlock-audit/2023-05-perennial/blob/main/perennial-mono/packages/perennial-oracle/contracts/ChainlinkFeedOracle.sol#L92-L159
Tool used
Manual Review
Recommendation
Check the pricer whether its 0 or you can introduce a buffer on the previous price and compare with that
The text was updated successfully, but these errors were encountered: