Skip to content

Latest commit

 

History

History
44 lines (27 loc) · 2.34 KB

027.md

File metadata and controls

44 lines (27 loc) · 2.34 KB

saidam017

medium

Chainlink oracle data is not validated, could return unwanted price value.

Summary

Necessary sanity checked against Chainlink price feeds data is not performed. The functions rely on this data may not work properly and due to not pause able nature of the protocol, could even result in breaking the protocol.

Vulnerability Detail

StableOracleWETH.sol, StableOracleWBTC.sol and StableOracleDAI.sol are calling chainlink price feed's latestRoundData() to get the price of the token, but no necessary sanity checked (returned price, timestamp and round completeness) is performed.

According to Chainlink's documentation :

  1. this function does not error if no answer has been reached but returns 0 or outdated stale price.
  2. "A read can revert if the caller is requesting the details of a round that was invalid or has not yet been answered. If you are deriving a round ID without having observed it before, the round might not be complete. To check the round, validate that the timestamp on that round is not 0."
  3. roundId and answeredInRound are also returned. “You can check answeredInRound against the current roundId. If answeredInRound is less than roundId, the answer is being carried over. If answeredInRound is equal to roundId, then the answer is fresh.”

Impact

If there is a problem with chainlink (node problem, congestion or attack on system), Not checking the returned price at least greater than 0, or using stale price could break mint and rebalance process. and due to not pause able nature of the protocol, this could break the protocol.

Code Snippet

https://github.com/sherlock-audit/2023-05-USSD/blob/main/ussd-contracts/contracts/oracles/StableOracleDAI.sol#L48 https://github.com/sherlock-audit/2023-05-USSD/blob/main/ussd-contracts/contracts/oracles/StableOracleWETH.sol#L23 https://github.com/sherlock-audit/2023-05-USSD/blob/main/ussd-contracts/contracts/oracles/StableOracleWBTC.sol#L23

Tool used

Manual Review

Recommendation

Update the code to perform these check :

  (uint80 roundId, int256 price, , uint256 updatedAt, uint80 answeredInRound) = priceFeed.latestRoundData();
  require(answeredInRound >= roundId, "round is stale");
  require(updatedAt > 0, "round is incomplete");
  require(price > 0, "Invalid feed answer");