logo
Steadefi Documentation
/
Security
/
Audits
/
Codehawks Public Audit Mitigation Report

L-15. ChainlinkARBOracle.consult will revert phase id was increased for chainlink aggregator

Submitted by rvierdiiev.

Relevant GitHub Links

https://github.com/Cyfrin/2023-10-SteadeFi/blob/main/contracts/oracles/ChainlinkARBOracle.sol#L213-L219

Summary

ChainlinkARBOracle.consult will revert phase id was increased for chainlink aggregator, because wrong round will be requested instead of previous one.

Vulnerability Details

In order to validate chainlink price ChainlinkARBOracle fetched answer for current and previous rounds. In order to get the previous round, roundId from current response is used. So just roundId - 1 is requested.
Round id in the chainlink consists of phaseId and aggregatorRoundId. In case if new aggregator is used, then phaseId is increased.
So the problem occurs when new aggregator is used and it has only the first round. Then roundId - 1 will not point to the last round of the previous aggregator, but it will be an incorrect round. As a result wrong answer will be returned and the call will likely revert.

Impact

Call will revert as price will not be validated.

Tools Used

VsCode

Recommendations

It can be really complicated fix, where you need to parse roundId to know if phase was changed. I am not sure it worth it.
M-25. depositors face immediate loss in case `equity = 0`
M-15. GMXVault can stop working in case if GMX will change `Keys.MAX_CALLBACK_GAS_LIMIT` to smaller than 2 millions
Powered by Notaku
Share
Content
L-15. ChainlinkARBOracle.consult will revert phase id was increased for chainlink aggregator
Relevant GitHub Links
Summary
Vulnerability Details
Impact
Tools Used
Recommendations