GimelSec - Price oracle could get a stale price

Question

GimelSec - Price oracle could get a stale price

Opened this issue 2 years ago · 1 comments

GimelSec

medium

Price oracle could get a stale price

Summary

_calculateAnswer() will get baseAnswer from Chainlink oracle. But it doesn't check round id and timestamp, leading to it may get a stale price from Chainlink oracle.

Vulnerability Detail

In wstETHChainlinkOracle.sol, it check baseAnswer > 0, but it doesn't check for the stale price by updateAt and roundId.

Impact

Price oracle could get a stale price without checking roundId.

Code Snippet

https://github.com/sherlock-audit/2022-09-notional/blob/main/leveraged-vaults/contracts/trading/oracles/wstETHChainlinkOracle.sol#L26-L44

Tool used

Manual Review

Recommendation

Check answer, updateAt and roundId when getting price:

        (uint80 roundId, int256 answer, , uint256 updatedAt, uint80 answeredInRound) = oracle.latestRoundData();

        require(updatedAt > 0, "Round is not complete");
        require(answer >= 0, "Malfunction");
        require(answeredInRound >= roundID, "Stale price");

Answer 1 · 2022-11-13T00:46:06.000Z

Chainlink oracle freshness check added here: notional-finance/leveraged-vaults@3a8fe26