Upbeat Pineapple Chicken
Medium
Using AggregatorInterfaces latestAnswer() is deprecated and allows for the received data to be stale. Consider using latestRoundData to verify that the received price is not stale.
In AaveOracle.sol::getAssetPrice() ,latestAnswer() is used.
LiquidationLogic.sol::executeLiquidationCall() heavily relies on the getAssetPrice() function to get both collateral and debt value. It is also used in calculateUserAccountData() and in validateBorrow(). Those values could be not up to date to the current market price since the received price is not checked for being up to date.
No response
- Received Price is stale.
No response
The protocol wrongfully assumes that the received price is up to date which can lead to inconsistencies in debt and collateral calculations which in result could lead to other problems associated with borrowing and liquidations.
No response
Consider using latestRoundData() instead of latestAnswer() and check if the price is stale.
function getAssetPrice(address asset) public view override returns (uint256) {
AggregatorInterface source = assetsSources[asset];
if (asset == BASE_CURRENCY) {
return BASE_CURRENCY_UNIT;
} else if (address(source) == address(0)) {
return _fallbackOracle.getAssetPrice(asset);
} else {
- int256 price = source.latestAnswer();
+ (uint256 roundId, int256 price,, uint256 updatedAt, uint80 answeredInRound) = source.latestRoundData();
+ require(updatedAt >= block.timestamp - 1 hours, "Stale price"); //or other time offset
if (price > 0) {
return uint256(price);
} else {
return _fallbackOracle.getAssetPrice(asset);
}
}
}