Code4rena, CODE423N4:2022-05-BUNKER-FINDINGS-ISSUES-25
May 04, 2022

Chainlink latestAnswer has been deprecated

Lines of code

PriceOracleImplementation.sol#L29-L31

Vulnerability details

Impact

The latestAnswer function is deprecated.
It does not revert if no answer has been reached; it returns zero instead.
There is no check for a stale price or for round completeness.
The price can therefore be stale and lead to a wrong return value.

Proof of Concept

Chainlink API Reference

int256 usdcPrice = ChainlinkFeed(0x986b5E1e1755e3C2440e960477f25201B0a8bbD4).latestAnswer();
if (usdcPrice <= 0) {
    return 0;
}

Recommended Mitigation Steps

Use latestRoundData instead, and perform more thorough checks on the returned data. Secondly, update the compiler version from pragma solidity ^0.5.16 to the latest compiler version for better compatibility with modern Chainlink methods.

(uint80 roundID, int256 price, , uint256 timeStamp, uint80 answeredInRound) = oracle.latestRoundData();
require(price > 0, "...");                   // reject zero or negative answers
require(answeredInRound >= roundID, "...");  // answer must come from the current round
require(timeStamp != 0, "...");              // round must be complete
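
A fuller version of the check above, as an added example (not code from the report or from the Bunker project): it adds an explicit maximum-age test for the stale-price case named under Impact. The contract name CheckedFeedReader, the function checkedPrice, the revert strings and the MAX_PRICE_AGE value are assumptions; the inline interface mirrors Chainlink's AggregatorV3Interface.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Subset of Chainlink's AggregatorV3Interface, declared inline so the example is self-contained.
interface AggregatorV3Interface {
    function latestRoundData()
        external
        view
        returns (
            uint80 roundId,
            int256 answer,
            uint256 startedAt,
            uint256 updatedAt,
            uint80 answeredInRound
        );
}

// Hypothetical wrapper, not the project's PriceOracleImplementation.
contract CheckedFeedReader {
    // Feed address taken from the finding's proof of concept.
    AggregatorV3Interface public constant FEED =
        AggregatorV3Interface(0x986b5E1e1755e3C2440e960477f25201B0a8bbD4);

    // Assumed maximum age; set the real value from the feed's published heartbeat.
    uint256 public constant MAX_PRICE_AGE = 1 days;

    function checkedPrice() external view returns (uint256) {
        (
            uint80 roundId,
            int256 answer,
            ,
            uint256 updatedAt,
            uint80 answeredInRound
        ) = FEED.latestRoundData();

        // Fail closed instead of returning 0, so callers cannot mistake "no price" for a price.
        require(answer > 0, "oracle: non-positive answer");
        require(updatedAt != 0, "oracle: round not complete");
        require(answeredInRound >= roundId, "oracle: answer carried over");
        // Checked arithmetic in 0.8 also reverts if updatedAt is in the future.
        require(block.timestamp - updatedAt <= MAX_PRICE_AGE, "oracle: stale price");

        return uint256(answer);
    }
}
```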
