`latestAnswer()` may return stale values
code423n4 commented
Lines of code
Vulnerability details
`latestAnswer()` only returns the latest answer or zero, and thus there is no way to tell whether the value is stale or not. Use `latestRoundData()` instead, and check whether the latest timestamp is within your protocol's limits.
```solidity
File: contracts/oracle/implementations/ARBTriCryptoOracle.sol

121:         uint256 _btcPrice = uint256(BTC_FEED.latestAnswer()) * 1e10;
122:         uint256 _wbtcPrice = uint256(WBTC_FEED.latestAnswer()) * 1e10;
123:         uint256 _ethPrice = uint256(ETH_FEED.latestAnswer()) * 1e10;
124:         uint256 _usdtPrice = uint256(USDT_FEED.latestAnswer()) * 1e10;
```

```solidity
File: contracts/oracle/implementations/SGOracle.sol

51:              uint256(UNDERLYING.latestAnswer())) / SG_POOL.totalSupply();
```
Assessed type
other
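One way to apply the recommendation, as an added example that is not part of the original report or the audited code base: a helper that reads `latestRoundData()` and rejects zero, negative, incomplete or stale answers. The `FreshPrice` library, the `ExampleConsumer` contract and the `MAX_AGE` value are hypothetical, and the feed is assumed to implement Chainlink's `AggregatorV3Interface`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Chainlink's AggregatorV3Interface, reduced to the one function used here.
interface AggregatorV3Interface {
    function latestRoundData() external view returns (
        uint80 roundId,
        int256 answer,
        uint256 startedAt,
        uint256 updatedAt,
        uint80 answeredInRound
    );
}

// Hypothetical helper, not taken from the audited contracts.
library FreshPrice {
    error NonPositiveAnswer(int256 answer);
    error RoundNotComplete();
    error StalePrice(uint256 updatedAt, uint256 maxAge);

    /// @param feed   aggregator to read
    /// @param maxAge oldest accepted update, in seconds (the protocol's own limit)
    function read(AggregatorV3Interface feed, uint256 maxAge) internal view returns (uint256) {
        (, int256 answer, , uint256 updatedAt, ) = feed.latestRoundData();
        // latestAnswer() would hand back 0 here with no way to tell why.
        if (answer <= 0) revert NonPositiveAnswer(answer);
        // updatedAt == 0 means the round has not been completed yet.
        if (updatedAt == 0) revert RoundNotComplete();
        // Reject timestamps from the future and updates older than maxAge.
        if (updatedAt > block.timestamp || block.timestamp - updatedAt > maxAge) {
            revert StalePrice(updatedAt, maxAge);
        }
        return uint256(answer);
    }
}

// Hypothetical consumer showing the shape of the change at the flagged lines.
contract ExampleConsumer {
    AggregatorV3Interface public immutable BTC_FEED;
    uint256 public constant MAX_AGE = 1 hours; // assumed limit; choose per feed heartbeat

    constructor(AggregatorV3Interface btcFeed) {
        BTC_FEED = btcFeed;
    }

    function btcPrice() external view returns (uint256) {
        // Same 1e10 scaling as in the report's snippet, but on a checked answer.
        return FreshPrice.read(BTC_FEED, MAX_AGE) * 1e10;
    }
}
```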