Platform: Code4rena
Start Date: 28/11/2022
Pot Size: $192,500 USDC
Total HM: 33
Participants: 106
Period: 11 days
Judge: LSDan
Total Solo HM: 15
Id: 186
League: ETH
Rank: 99/106
Findings: 1
Award: $18.31
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: IllIllI
Also found by: 0x52, 0xNazgul, Franfran, IllIllI, Jeiwan, Lambda, RaymondFam, Rolezn, Trust, __141345__, codecustard, erictee, gzeon, hansfriese, imare, rbserver, rvierdiiev, seyni, skinz, ujamal_
18.3064 USDC - $18.31
Chainlink documentation states that latestAnswer() is deprecated. If no answer is received it will return 0. If chainlink stops support, the function may stop working, causing Oracle price to default to fallback, even though Chainlink Oracle may still be available. This may potentially lead to oracle price manipulation.
https://github.com/code-423n4/2022-11-paraspace/blob/c01a980e5d6e15b2993b912c3569ed8b5236ff33/paraspace-core/contracts/misc/ParaSpaceOracle.sol#L128 AAVE vulnerability: https://governance.aave.com/t/bgd-proposal-for-bounty-fallback-oracle-misconfiguration/8421
Code Editor
Recommend using latestRoundData() for Chainlink price data instead. https://docs.chain.link/docs/price-feeds-api-reference/
#0 - c4-judge
2022-12-20T14:05:15Z
dmvt marked the issue as primary issue
#1 - c4-judge
2023-01-23T15:57:41Z
dmvt marked the issue as satisfactory
#2 - C4-Staff
2023-02-01T19:10:45Z
captainmangoC4 marked issue #420 as primary and marked this issue as a duplicate of 420