Platform: Code4rena
Start Date: 02/06/2023
Pot Size: $100,000 USDC
Total HM: 15
Participants: 75
Period: 7 days
Judge: Picodes
Total Solo HM: 5
Id: 249
League: ETH
Rank: 45/75
Findings: 1
Award: $31.80
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: Madalad
Also found by: Aymen0909, Bauchibred, Breeje, DadeKuma, Hama, LaScaloneta, Madalad, MohammedRizwan, bin2chen, dwward3n, erictee, etherhood, kutugu, peanuts, piyushshukla, rvierdiiev, saneryee, tallo, turvy_fuzz, whimints
31.7954 USDC - $31.80
https://github.com/code-423n4/2023-06-stader/tree/main/contracts/StaderOracle.sol#L647-L649
Across these contracts, you are using Chainlink's latestRoundData API, but there is only a check on updatedAt. The result of latestRoundData API will be used across various functions, therefore, a stale price from Chainlink can lead to loss of funds to end-users.
Total: 2
contracts/StaderOracle.sol#L647-L649
647: .latestRoundData(); ... 649: .latestRoundData();
Consider adding checks on the return data with proper revert messages if the price is stale or the round is incomplete.
require(price > 0, "Chainlink price <= 0");
Invalid Validation
#0 - c4-judge
2023-06-12T13:01:36Z
Picodes marked the issue as duplicate of #15
#1 - c4-judge
2023-07-02T10:49:52Z
Picodes marked the issue as satisfactory