Fantastic Pickle Starfish
Medium
There is a missing check for stale price in DebitaChainlink.sol::42 and DebitaChainlink.sol::50.
In DebitaChainlink.sol::42 and DebitaChainlink.sol::50 there is a missing check for stale price returned from the oracle.
None
- Oracle price is stale.
- This stale price is fetched and used because there is no logic to prevent that.
None
Stale price can lead to wrong calculations and computations inside the protocol's logic
None
Add the following changes to the function to ensure only correct data will be returned from the given function.
function getThePrice(address tokenAddress) public view returns (int) {
// falta hacer un chequeo para las l2
address _priceFeed = priceFeeds[tokenAddress];
require(!isPaused, "Contract is paused");
require(_priceFeed != address(0), "Price feed not set");
AggregatorV3Interface priceFeed = AggregatorV3Interface(_priceFeed);
// if sequencer is set, check if it's up
// if it's down, revert
if (address(sequencerUptimeFeed) != address(0)) {
checkSequencer();
}
- (, int price, , , ) = priceFeed.latestRoundData();
+ (uint80 quoteRoundID, int256 price,, uint256 quoteTimestamp, uint80 quoteAnsweredInRound) = priceFeed.latestRoundData();
+ require(quoteAnsweredInRound >= quoteRoundID, "Stale price!");
+ require(quoteTimestamp != 0, "Round not complete!");
+ require(block.timestamp - quoteTimestamp <= VALID_TIME_PERIOD);
require(isFeedAvailable[_priceFeed], "Price feed not available");
require(price > 0, "Invalid price");
return price;
}