Phuture Finance contest - berndartmueller's results

Crypto index platform that simplifies your investments through automated, themed index products.

General Information

Platform: Code4rena

Start Date: 19/04/2022

Pot Size: $30,000 USDC

Total HM: 10

Participants: 43

Period: 3 days

Judges: moose-code, JasoonS

Total Solo HM: 7

Id: 90

League: ETH

Phuture Finance

Researcher Performance

Rank: 42/43

Findings: 1

Award: $22.05

🌟 Selected for report: 0

🚀 Solo Findings: 0

Findings Information

Awards

22.0499 USDC - $22.05

Labels

bug
duplicate
2 (Med Risk)

External Links

Lines of code

https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/ChainlinkPriceOracle.sol#L83
https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/ChainlinkPriceOracle.sol#L84

Vulnerability details

Impact

In ChainlinkPriceOracle.sol, latestRoundData() is used but there is no check if the return value indicates stale data. This could lead to stale prices according to the Chainlink documentation:

Proof of Concept

ChainlinkPriceOracle.sol#L83
ChainlinkPriceOracle.sol#L84

Tools Used

Manual review

In addition to the already existing check require(basePrice > 0 && quotePrice > 0, "ChainlinkPriceOracle: NEGATIVE");, consider adding checks for stale data.

(uint80 basePriceRoundID, int basePrice, , uint256 basePriceTimestamp, uint80 basePriceAnsweredInRound) = baseAggregator.latestRoundData();
(uint80 quotePriceRoundID, int quotePrice, , uint256 quotePriceTimestamp, uint80 quotePriceAnsweredInRound) = assetInfo.aggregator.latestRoundData();

require(basePrice > 0 && quotePrice > 0, "ChainlinkPriceOracle: NEGATIVE");
require(basePriceAnsweredInRound >= basePriceRoundID && quotePriceAnsweredInRound >= quotePriceRoundID, "ChainlinkPriceOracle: STALE PRICE"); // @audit-info add stale check
require(basePriceTimestamp != 0 && quotePriceTimestamp != 0, "ChainlinkPriceOracle: ROUND INCOMPLETE"); // @audit-info add round incomplete check
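
The checks recommended above, gathered into one reusable helper with a settable mock feed so each revert path can be exercised in a unit test. This is an added example, not part of the original finding or the Phuture code base: the names CheckedFeed, readPrice, MockFeed, OracleHarness and the maxAge parameter are assumptions, and the maximum-age check goes beyond what the finding proposes.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Minimal declaration of the Chainlink aggregator call used in the finding.
interface AggregatorV3Interface {
    function latestRoundData() external view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

// Hypothetical helper: one place to validate a round before its answer is used.
library CheckedFeed {
    function readPrice(AggregatorV3Interface feed, uint256 maxAge) internal view returns (uint256) {
        (uint80 roundId, int256 answer, , uint256 updatedAt, uint80 answeredInRound) = feed.latestRoundData();

        require(answer > 0, "CheckedFeed: NEGATIVE");
        require(updatedAt != 0, "CheckedFeed: ROUND INCOMPLETE");
        require(answeredInRound >= roundId, "CheckedFeed: STALE PRICE");
        // Assumption beyond the finding: also bound the age of the answer.
        // The first clause avoids an arithmetic underflow on a future timestamp.
        require(updatedAt <= block.timestamp && block.timestamp - updatedAt <= maxAge, "CheckedFeed: TOO OLD");
        return uint256(answer);
    }
}

// Constructed test double: a test sets arbitrary round data, then reads through the harness.
contract MockFeed is AggregatorV3Interface {
    uint80 public roundId;
    int256 public answer;
    uint256 public updatedAt;
    uint80 public answeredInRound;

    function set(uint80 r, int256 a, uint256 u, uint80 air) external {
        (roundId, answer, updatedAt, answeredInRound) = (r, a, u, air);
    }

    function latestRoundData() external view override returns (uint80, int256, uint256, uint256, uint80) {
        return (roundId, answer, updatedAt, updatedAt, answeredInRound);
    }
}

// Exposes the internal library call so a test can assert on each revert reason.
contract OracleHarness {
    function price(AggregatorV3Interface feed, uint256 maxAge) external view returns (uint256) {
        return CheckedFeed.readPrice(feed, maxAge);
    }
}
```

Choose maxAge per feed from its published update interval; a single global value is either too loose for fast feeds or too strict for slow ones.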

#0 - olivermehr

2022-05-02T20:24:09Z

duplicate of issue #1
