Insufficient check in getPrice() can return incorrect data

Summary

DebitaChainlink::getPrice is not checking answeredInRound value. The data returned can be incorrect due to an incomplete round.

Vulnerability Details

answeredInRound returns the round ID of the round in which the answer was computed. We should verify that answeredInRound >= roundId to ensure that the data we are seeing is fresh.

Impact

Incorrect price returned by oracle can be very damaging to the protocol.

Code Snippet

https://github.com/sherlock-audit/2024-11-debita-finance-v3/blob/main/Debita-V3-Contracts/contracts/oracles/DebitaChainlink.sol#L30-L47

Tool Used

Manual Review

Recommendation

Add the check require(answeredInRound >= roundId) in getPrice.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

026.md

026.md

Insufficient check in getPrice() can return incorrect data

Summary

Vulnerability Details

Impact

Code Snippet

Tool Used

Recommendation

Files

026.md

Latest commit

History

026.md

File metadata and controls

Insufficient check in getPrice() can return incorrect data

Summary

Vulnerability Details

Impact

Code Snippet

Tool Used

Recommendation