Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Zealous Seafoam Platypus - Missing Heartbeat Interval and Zero-Price Checks in Chainlink Oracle Implementation in MasterPriceOracle #1059

Open
sherlock-admin4 opened this issue Dec 30, 2024 · 0 comments
Open

Zealous Seafoam Platypus - Missing Heartbeat Interval and Zero-Price Checks in Chainlink Oracle Implementation in MasterPriceOracle #1059

sherlock-admin4 opened this issue Dec 30, 2024 · 0 comments

Comments

@sherlock-admin4
Copy link

Zealous Seafoam Platypus

Medium

Missing Heartbeat Interval and Zero-Price Checks in Chainlink Oracle Implementation in MasterPriceOracle

Summary

The protocol relies on Chainlink Oracles to fetch prices for underlying assets and ETH on the Optimism network. However, the implementation is missing crucial safety checks, such as verifying the heartbeat interval and ensuring the fetched prices are greater than zero. Without these checks, stale or zero prices can be accepted from the oracle. This oversight can result in incorrect price calculations and potential financial losses for the protocol and its users.

The absence of checks for the heartbeat interval and price validation (>0) in the Chainlink Oracle integration allows stale or incorrect prices to be used in calculations.

Root Cause

The absence of checks for the heartbeat interval and price validation (>0) in the Chainlink Oracle integration allows stale or incorrect prices to be used in calculations.

as seen here.

 AggregatorV3Interface oracle = AggregatorV3Interface(oracles[underlying]);

            // Get the eth price
            (, int256 price_, , , ) = oracle.latestRoundData();
            // If the token is ETH
            if (underlying == assetAddress[IBorrowing.AssetName.ETH]) {
                // Return Exchange rate as 1 and ETH price with 2 decimals
                return (1 ether, uint128((uint256(price_) / 1e6)));
            } else {
                (, uint128 ethPrice) = _price(assetAddress[IBorrowing.AssetName.ETH]);
                // Return Exchange rate and ETH price with 2 decimals
                return (uint128(uint256(price_)), ethPrice);

Internal pre-conditions

No response

External pre-conditions

No response

Attack Path

  1. The Chainlink Oracle returns a stale price due to network issues or delayed updates, and the protocol does not validate the price's freshness.
  2. The protocol accepts a price of 0 from the oracle, allowing stale or zero prices to be used in operations, which can lead to exploitation or incorrect financial outcomes.

Impact

  • Financial Loss: The protocol may perform incorrect operations based on stale or zero prices, resulting in fund mismanagement or unintended payouts.
  • Exploitation Risk: Attackers could exploit stale or zero prices for financial manipulation of the protocol.

PoC

No response

Mitigation

Ensure that the protocol checks the heartbeat interval against the last updated timestamp and verifies that the prices from the oracle are greater than zero.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@sherlock-admin4