Skip to content

Latest commit

 

History

History
45 lines (25 loc) · 995 Bytes

080.md

File metadata and controls

45 lines (25 loc) · 995 Bytes

Loud Mocha Platypus

Medium

Missing updatedAt check in DebitaChainlink.getThePrice() causing stale pricing

Summary

Missing updatedAt check in DebitaChainlink.getThePrice() causing stale pricing.

This effects ratio calculations downstream when matching offers.

Root Cause

See Summary.

Internal pre-conditions

See Summary.

External pre-conditions

See Summary.

Attack Path

See Summary.

Impact

See Summary.

PoC

See Summary.

Mitigation

// https://github.com/sherlock-audit/2024-11-debita-finance-v3/blob/main/Debita-V3-Contracts/contracts/oracles/DebitaChainlink.sol#L42
-        (, int price, , , ) = priceFeed.latestRoundData();
+        (, int price, , uint256 updatedAt, ) = priceFeed.latestRoundData();
+        if (updatedAt < block.timestamp - 60 * 60) revert("stale price feed");