Chainlink oracle query in _validateOrder does not check that response is fresh
#70
Labels
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
duplicate
This issue or pull request already exists
Comments
code423n4
added
2 (Med Risk)
code423n4
added a commit
that referenced
this issue
Jan 29, 2022
|
Duplicate #178 |
|
A duplicate of #197 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Handle
TomFrenchBlockchain
Vulnerability details
Impact
Potential for TreasuryManager to use a stale price to calculate the slippage limit, allowing unacceptable slippage relative to if the price feed was current.
Proof of Concept
EIP1271Wallet queries Chainlink for the most recent price for various assets, however it does not check that the response from Chainlink is fresh. If the Chainlink oracle is providing stale data then EIP1271Wallet may think the
priceFloorshould be lower than it is in reality and so be subject to a larger amount of slippage, leaking value.Recommended Mitigation Steps
EIP1271Wallet should instead use the
latestRoundDatamethod and explicitly check that the data is fresh. See previous issue: code-423n4/2021-07-wildcredit-findings#75The text was updated successfully, but these errors were encountered: