Chainlink oracles are not checked for stale price

Summary

The data returned from the chainlink oracle is not checked if its stale or not

Vulnerability Detail

    function getPriceUSD() external view override returns (uint256) {
        (, int256 price, , , ) = priceFeed.latestRoundData();
        //@audit here is where the timeStamp value should be checked to ensure its not greater than a certain threshold

        return uint256(price) * 1e10;
    }
}

Impact

Users will get an outdated value from the oracle

Code Snippet

https://github.com/sherlock-audit/2023-05-USSD/blob/main/ussd-contracts/contracts/oracles/StableOracleDAI.sol#L33 https://github.com/sherlock-audit/2023-05-USSD/blob/main/ussd-contracts/contracts/oracles/StableOracleWBGL.sol#L24 https://github.com/sherlock-audit/2023-05-USSD/blob/main/ussd-contracts/contracts/oracles/StableOracleWBTC.sol#L21 https://github.com/sherlock-audit/2023-05-USSD/blob/main/ussd-contracts/contracts/oracles/StableOracleWETH.sol#L21

Tool used

Manual Review

Recommendation

Add in a check to ensure the oracle timestamp received isnt out of date

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

075.md

075.md

Chainlink oracles are not checked for stale price

Summary

Vulnerability Detail

Impact

Code Snippet

Tool used

Recommendation

Files

075.md

Latest commit

History

075.md

File metadata and controls

Chainlink oracles are not checked for stale price

Summary

Vulnerability Detail

Impact

Code Snippet

Tool used

Recommendation