Loud Mocha Platypus
Medium
roundId
not checked in ChainLink price feed returns in DebitaChainlink.getThePrice()
leading to stale prices
roundId
and answeredInRound
not checked during DebitaChainlink.getThePrice().
answeredInRound
must be checked against roundId
to avoid stale price data. This stale price data leads to incorrect ratio calculations during matching offers in MatchOfferV3()
.
See:
https://github.com/code-423n4/2022-04-backd-findings/issues/17
See Summary.
See Summary.
See Summary.
See Summary.
See Summary.
See Summary.
// DebitaChainlink.getThePrice()](https://github.com/sherlock-audit/2024-11-debita-finance-v3/blob/main/Debita-V3-Contracts/contracts/oracles/DebitaChainlink.sol#L30-#L43
+ require(answeredInRound >= roundID, "Stale price");