GimelSec - Price oracle could get a stale price
sherlock-admin commented
GimelSec
medium
Price oracle could get a stale price
Summary
`_calculateAnswer()` will get `baseAnswer` from the Chainlink oracle, but it doesn't check the round ID and timestamp, so it may get a stale price from the Chainlink oracle.
Vulnerability Detail
In wstETHChainlinkOracle.sol, it checks `baseAnswer > 0`, but it doesn't check for a stale price using `updatedAt` and `roundId`.
Impact
Price oracle could get a stale price without checking `roundId`.
Code Snippet
Tool used
Manual Review
Recommendation
Check `answer`, `updatedAt` and `roundId` when getting the price:
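```solidity
(uint80 roundId, int256 answer, , uint256 updatedAt, uint80 answeredInRound) = oracle.latestRoundData();
// A round that has not completed reports updatedAt == 0
require(updatedAt > 0, "Round is not complete");
require(answer >= 0, "Malfunction");
// The answer must have been computed in the current round, not carried over from an earlier one
require(answeredInRound >= roundId, "Stale price");
```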
jeffywu commented
Chainlink oracle freshness check added here: notional-finance/leveraged-vaults@3a8fe26
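
The checks recommended in the report, extended with a maximum-age bound on `updatedAt`, as an added example: it is not part of the original report and is not the code from the notional-finance commit. The contract name `FreshPriceReader`, the `maxAge` parameter and the inline interface declaration are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Minimal subset of Chainlink's AggregatorV3Interface, declared inline
// so the example is self-contained.
interface AggregatorV3Interface {
    function latestRoundData() external view returns (
        uint80 roundId,
        int256 answer,
        uint256 startedAt,
        uint256 updatedAt,
        uint80 answeredInRound
    );
}

// Hypothetical wrapper: the name and maxAge are assumptions, not from the report.
contract FreshPriceReader {
    AggregatorV3Interface public immutable oracle;
    uint256 public immutable maxAge; // seconds; pick a value from the feed's heartbeat

    constructor(AggregatorV3Interface oracle_, uint256 maxAge_) {
        require(maxAge_ > 0, "maxAge is zero");
        oracle = oracle_;
        maxAge = maxAge_;
    }

    function latestFreshAnswer() public view returns (int256) {
        (uint80 roundId, int256 answer, , uint256 updatedAt, uint80 answeredInRound) =
            oracle.latestRoundData();

        // Round-based checks from the report's recommendation.
        require(updatedAt > 0, "Round is not complete");
        // Strict > 0, matching the baseAnswer > 0 check the report says already exists.
        require(answer > 0, "Malfunction");
        require(answeredInRound >= roundId, "Stale price");

        // Added assumption: also bound the age of the answer in wall-clock time,
        // so a feed that stops updating is rejected even when the round ids agree.
        require(updatedAt <= block.timestamp, "Timestamp in future");
        require(block.timestamp - updatedAt <= maxAge, "Price too old");

        return answer;
    }
}
```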