Juicebox V2 contest - GalloDaSballo's results

The decentralized fundraising and treasury protocol.

General Information

Platform: Code4rena

Start Date: 01/07/2022

Pot Size: $75,000 USDC

Total HM: 17

Participants: 105

Period: 7 days

Judge: Jack the Pug

Total Solo HM: 5

Id: 143

League: ETH

Juicebox

Findings Distribution

Researcher Performance

Rank: 22/105

Findings: 2

Award: $577.55

🌟 Selected for report: 0

🚀 Solo Findings: 0

Awards

14.8726 USDC - $14.87

Labels

bug
duplicate
3 (High Risk)
valid

External Links

Lines of code

https://github.com/jbx-protocol/juice-contracts-v2-code4rena/blob/828bf2f3e719873daa08081cfa0d0a6deaa5ace5/contracts/JBChainlinkV3PriceFeed.sol#L42-L43

Vulnerability details

Price Feed is not checked for freshness

In times of network congestion, the price feed may take longer than expected to update. To ensure the latest price is fresh (within the update window), you should verify that the feed was updated recently enough.

https://github.com/jbx-protocol/juice-contracts-v2-code4rena/blob/828bf2f3e719873daa08081cfa0d0a6deaa5ace5/contracts/JBChainlinkV3PriceFeed.sol#L42-L43

Here's an example of how to ensure the price was updated recently enough:

    // Check Price
    (
      uint80 roundId,
      int256 answer,
      uint256 startedAt,
      uint256 updatedAt,
      uint80 answeredInRound
    ) = feed.latestRoundData();
    // SECONDS_PER_HOUR is the maximum accepted age of the answer (defined elsewhere)
    require(block.timestamp - updatedAt < SECONDS_PER_HOUR); // Check for freshness of feed

#0 - drgorillamd

2022-07-12T19:21:01Z

Duplicate of #138

Findings Information

🌟 Selected for report: bardamu

Also found by: GalloDaSballo, berndartmueller, codexploder, horsefacts

Labels

bug
duplicate
2 (Med Risk)
sponsor disputed
valid

Awards

562.6794 USDC - $562.68

External Links

Lines of code

https://github.com/jbx-protocol/juice-contracts-v2-code4rena/blob/828bf2f3e719873daa08081cfa0d0a6deaa5ace5/contracts/JBPrices.sol#L115

Vulnerability details

Price Feed may get retired, updated, changed

It may be best to let the price feed be changeable, as a new price feed with a different update rate or threshold may be introduced in the future; however, the code will not allow changing of price feeds.

https://github.com/jbx-protocol/juice-contracts-v2-code4rena/blob/828bf2f3e719873daa08081cfa0d0a6deaa5ace5/contracts/JBPrices.sol#L115

    if (feedFor[_currency][_base] != IJBPriceFeed(address(0))) revert PRICE_FEED_ALREADY_EXISTS();

Price feeds may also be deprecated and reintroduced with new addresses. Because the function is restricted by `onlyOwner`, it may be best to allow overwriting of the price feed, or to set up a new function that would enable replacing or removing a deprecated price feed.

Remediation Steps

Allow the owner to set a new price feed
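As an added example, not part of the original finding or of the Juicebox contracts: a hypothetical feed registry that combines the two points above, an owner-settable (and overwritable) feed per currency pair and a read path that rejects stale, incomplete or non-positive Chainlink answers. The contract name, error names, `MAX_PRICE_AGE` and the inline `AggregatorV3Interface` declaration are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.6;

// Minimal copy of the Chainlink AggregatorV3 interface (the real one lives in @chainlink/contracts).
interface AggregatorV3Interface {
    function latestRoundData()
        external
        view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

// Hypothetical registry, not the Juicebox implementation: feeds can be replaced by the
// owner, and every read enforces a freshness window.
contract StalenessCheckedPrices {
    error NOT_OWNER();
    error FEED_NOT_SET();
    error INVALID_PRICE(int256 answer);
    error INCOMPLETE_ROUND(uint80 roundId, uint80 answeredInRound);
    error STALE_PRICE(uint256 updatedAt);

    address public immutable owner;
    // Assumed maximum accepted age of an answer; tune per feed heartbeat in practice.
    uint256 public constant MAX_PRICE_AGE = 1 hours;

    mapping(uint256 => mapping(uint256 => AggregatorV3Interface)) public feedFor;

    event FeedSet(uint256 indexed currency, uint256 indexed base, address feed);

    constructor() { owner = msg.sender; }

    // Overwriting is allowed so a deprecated aggregator can be swapped for its successor.
    function setFeedFor(uint256 _currency, uint256 _base, AggregatorV3Interface _feed) external {
        if (msg.sender != owner) revert NOT_OWNER();
        feedFor[_currency][_base] = _feed;
        emit FeedSet(_currency, _base, address(_feed));
    }

    function currentPrice(uint256 _currency, uint256 _base) external view returns (uint256) {
        AggregatorV3Interface feed = feedFor[_currency][_base];
        if (address(feed) == address(0)) revert FEED_NOT_SET();
        (uint80 roundId, int256 answer, , uint256 updatedAt, uint80 answeredInRound) = feed.latestRoundData();
        if (answer <= 0) revert INVALID_PRICE(answer);                          // no usable answer
        if (updatedAt == 0 || answeredInRound < roundId)
            revert INCOMPLETE_ROUND(roundId, answeredInRound);                   // round not finalised
        if (block.timestamp - updatedAt > MAX_PRICE_AGE) revert STALE_PRICE(updatedAt); // older than window
        return uint256(answer);
    }
}
```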

#0 - mejango

2022-07-12T20:05:35Z

new price feeds with updated oracles can be added and used by projects in the future.

#1 - jack-the-pug

2022-07-31T12:22:23Z

Duplicate of #59
