Flat Macaroon Alligator
Medium
The protocol supports two oracles: Redstone and Chainlink. Chainlink is only supported on the Optimism chain, and the issue lies in price validation, as there is no validation for either the received price or its staleness.
As shown here: [MasterPriceOracle.sol#L80-L92](https://github.com/sherlock-audit/2024-11-autonomint/blob/main/Blockchain/Blockchian/contracts/oracles/MasterPriceOracle.sol#L80-L92), the price is retrieved from the Chainlink aggregator contract. However, there is no validation to ensure that the price is greater than 0 or that it is not stale (no updatedAt validation).
Contract deployed on Optimism chain.
Chainlink returns incorrect/stale price.
No response
Protocol would use incorrect or stale price opening big vector of attack that comes with market price/provided price discrepancy.
No response
Add default validation for the price to ensure that:
- The price is not 0.
- The price is not stale.
Documentation: Chainlink Data Feeds - Check the Timestamp of the Latest Answer