In method currentValue() Chainlink returned data is not checked for being stale

Summary

As per ChainLink docs, We should use latestRound() which provides more information. We should check if the roundID is valid and if the updatedAt is not too old. https://docs.chain.link/data-feeds/api-reference

Root Cause

In https://github.com/sherlock-audit/2024-11-oku/blob/main/oku-custom-order-types/contracts/oracle/External/OracleRelay.sol#L19 the code relies on latestAnswer() method. Which can provide stale data and doesn't ensure the latest data.

Internal pre-conditions

No response

External pre-conditions

No response

Attack Path

No response

Impact

Stale prices lead to monitory loss. As it creates an opportunity for people to drain liquidity and profit from the price difference.

PoC

No response

Mitigation

Integrate latestRoundData() method. Check if the roundID is valid and updatedAt is not older than a certain threshold. Otherwise revert and wait for the price updates.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

009.md

009.md

In method currentValue() Chainlink returned data is not checked for being stale

Summary

Root Cause

Internal pre-conditions

External pre-conditions

Attack Path

Impact

PoC

Mitigation

Files

009.md

Latest commit

History

009.md

File metadata and controls

In method currentValue() Chainlink returned data is not checked for being stale

Summary

Root Cause

Internal pre-conditions

External pre-conditions

Attack Path

Impact

PoC

Mitigation