Platform: Code4rena
Start Date: 08/06/2022
Pot Size: $115,000 USDC
Total HM: 26
Participants: 72
Period: 11 days
Judge: leastwood
Total Solo HM: 14
Id: 132
League: ETH
Rank: 50/72
Findings: 1
Award: $195.02
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: BowTiedWardens
Also found by: 0x1f8b, 0x29A, 0x52, 0xNazgul, 0xNineDec, 0xf15ers, 0xkatana, 0xmint, Chom, ElKu, Funen, IllIllI, JMukesh, Jujic, Kaiziron, Lambda, MiloTruck, Ruhum, SmartSek, SooYa, TerrierLover, TomJ, WatchPug, Waze, _Adam, asutorufos, auditor0517, bardamu, c3phas, catchup, cccz, ch13fd357r0y3r, cloudjunky, cmichel, cryptphi, csanuragjain, defsec, fatherOfBlocks, hansfriese, hyh, jayjonah8, joestakey, k, kenta, obtarian, oyc_109, robee, sach1r0, shenwilly, simon135, slywaters, sorrynotsorry, tintin, unforgiven, xiaoming90, zzzitron
195.0221 USDC - $195.02
Price data returned by `latestRoundData` could be stale

This would create a situation where any contract consuming price information from Connext's oracle module would rely on an incorrect asset price.
As can be seen in `getPriceFromChainlink`, the `answer` from `aggregator.latestRoundData()` is assumed to be valid whenever it is non-zero, and is returned to the caller in `getTokenPrice`. However, the aggregator data could be stale (the feed may have stopped updating, or the round may not have completed), in which case an outdated price would be propagated to every consumer.
The caller should always check that `latestRoundData` is returning sane and up-to-date values. The `updatedAt` and `answeredInRound` fields are of particular interest here. `answeredInRound` should be at least `roundId`: a smaller value means the answer was carried over from an earlier round rather than computed in the current one. `updatedAt` should be non-zero and no older than an acceptable staleness threshold (for example the feed's heartbeat plus a grace period) relative to `block.timestamp`. The `answer` itself should be required to be positive rather than merely non-zero.
```solidity
function latestRoundData()
    public
    override
    view
    checkAccess()
    returns (
        uint80 roundId,
        int256 answer,
        uint256 startedAt,
        uint256 updatedAt,
        uint80 answeredInRound
    )
{
    return super.latestRoundData();
}
```
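The following is an added example, not Connext's code and not part of the original submission. It shows a hypothetical consumer contract (`StalenessCheckedConsumer`) that applies the round-completeness and freshness checks recommended above next to the unchecked pattern the finding describes, plus a constructed `MockAggregator` for exercising it locally. The interface is the relevant subset of Chainlink's `AggregatorV3Interface`; the `MAX_STALENESS` constant and all contract and function names are assumptions for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

/// Subset of Chainlink's AggregatorV3Interface; the real interface also exposes
/// description(), version() and getRoundData().
interface AggregatorV3Interface {
    function decimals() external view returns (uint8);

    function latestRoundData()
        external
        view
        returns (
            uint80 roundId,
            int256 answer,
            uint256 startedAt,
            uint256 updatedAt,
            uint80 answeredInRound
        );
}

/// Hypothetical price consumer (not Connext's oracle module) applying the checks
/// recommended in the finding.
contract StalenessCheckedConsumer {
    /// Hypothetical staleness window (assumption). In practice derive it per feed from
    /// the feed's published heartbeat plus a grace period; one constant is a placeholder.
    uint256 public constant MAX_STALENESS = 1 hours;

    error InvalidAnswer(int256 answer);
    error IncompleteRound(uint80 roundId, uint80 answeredInRound);
    error StaleRound(uint256 updatedAt, uint256 blockTimestamp);

    /// Illustration of the pattern the finding objects to: only `answer != 0` is
    /// checked, so a carried-over or stale answer is returned as if it were current.
    function getPriceUnchecked(AggregatorV3Interface aggregator) external view returns (uint256) {
        (, int256 answer, , , ) = aggregator.latestRoundData();
        if (answer == 0) return 0;
        return uint256(answer);
    }

    /// Hardened version: reverts instead of returning a price that cannot be trusted.
    function getPriceChecked(AggregatorV3Interface aggregator)
        external
        view
        returns (uint256 price, uint8 feedDecimals)
    {
        (
            uint80 roundId,
            int256 answer,
            ,
            uint256 updatedAt,
            uint80 answeredInRound
        ) = aggregator.latestRoundData();

        // A zero or negative answer is never a usable price.
        if (answer <= 0) revert InvalidAnswer(answer);

        // answeredInRound < roundId means the answer was computed in an earlier round
        // and merely carried forward into this one.
        if (answeredInRound < roundId) revert IncompleteRound(roundId, answeredInRound);

        // updatedAt == 0 means the round never finished; an old updatedAt means the
        // feed has stopped reporting, so the answer no longer reflects the market.
        if (updatedAt == 0 || updatedAt + MAX_STALENESS < block.timestamp) {
            revert StaleRound(updatedAt, block.timestamp);
        }

        return (uint256(answer), aggregator.decimals());
    }
}

/// Constructed test double for exercising the consumer locally; not a real feed.
contract MockAggregator is AggregatorV3Interface {
    uint80 private _roundId;
    int256 private _answer;
    uint256 private _updatedAt;
    uint80 private _answeredInRound;

    function set(uint80 roundId_, int256 answer_, uint256 updatedAt_, uint80 answeredInRound_) external {
        _roundId = roundId_;
        _answer = answer_;
        _updatedAt = updatedAt_;
        _answeredInRound = answeredInRound_;
    }

    function decimals() external pure override returns (uint8) {
        return 8;
    }

    function latestRoundData()
        external
        view
        override
        returns (uint80, int256, uint256, uint256, uint80)
    {
        // startedAt is not used by the consumer, so the mock reports 0 for it.
        return (_roundId, _answer, 0, _updatedAt, _answeredInRound);
    }
}
```

To see the difference, deploy both contracts (Remix or a Foundry script), call `MockAggregator.set(10, 3000e8, block.timestamp, 9)` and observe that `getPriceUnchecked` returns `3000e8` while `getPriceChecked` reverts with `IncompleteRound(10, 9)`; then `set(10, 3000e8, block.timestamp - 2 hours, 10)` makes `getPriceChecked` revert with `StaleRound` while the unchecked path still returns the old value.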
#0 - ecmendenhall
2022-06-20T05:31:24Z
Duplicate of #190
#1 - jakekidd
2022-06-24T21:40:05Z