Chom - TradingModule oracle is missing check for stale price in roundID
Closed this issue · 0 comments
sherlock-admin commented
Chom
medium
TradingModule oracle is missing check for stale price in roundID
Summary
WstETHChainlinkOracle is missing a check for stale price in roundID
Vulnerability Detail
(/* */, int256 basePrice, /* */, uint256 bpUpdatedAt, /* */) = baseOracle.oracle.latestRoundData();
require(block.timestamp - bpUpdatedAt <= maxOracleFreshnessInSeconds);
require(basePrice > 0); /// @dev: Chainlink Rate Error
(/* */, int256 quotePrice, /* */, uint256 qpUpdatedAt, /* */) = quoteOracle.oracle.latestRoundData();
require(block.timestamp - qpUpdatedAt <= maxOracleFreshnessInSeconds);
require(quotePrice > 0); /// @dev: Chainlink Rate Error
Only freshness and negative price are checked. Round ID check is being ignored.
Impact
This could lead to stale prices according to the Chainlink documentation:
https://docs.chain.link/docs/historical-price-data/#historical-rounds
https://docs.chain.link/docs/faq/#how-can-i-check-if-the-answer-to-a-round-is-being-carried-over-from-a-previous-round
Code Snippet
Tool used
Manual Review
Recommendation
Add round ID check
(uint80 baseRoundID, int256 basePrice, /* */, uint256 bpUpdatedAt, uint80 baseAnsweredInRound) = baseOracle.oracle.latestRoundData();
require(baseAnsweredInRound >= baseRoundID, "Stale price");
require(block.timestamp - bpUpdatedAt <= maxOracleFreshnessInSeconds);
require(basePrice > 0); /// @dev: Chainlink Rate Error
(uint80 quoteRoundID, int256 quotePrice, /* */, uint256 qpUpdatedAt, uint80 quoteAnsweredInRound) = quoteOracle.oracle.latestRoundData();
require(quoteAnsweredInRound >= quoteRoundID, "Stale price");
require(block.timestamp - qpUpdatedAt <= maxOracleFreshnessInSeconds);
require(quotePrice > 0); /// @dev: Chainlink Rate Error
Duplicate of #133