code423n4 / Code4rena: 2023-11-KELP-FINDINGS-ISSUES-827
History: Nov 15, 2023 - 12:00 a.m.

Staleness Vulnerability in chainlinkAdaptor's getAssetPrice function

Source: Code4rena (github.com)

Tags: chainlinkadaptor, getassetprice, staledata, heartbeatverification, twaporacle

AI Score: 7.1 High (Confidence: High)

Lines of code

Vulnerability details

Impact

The current implementation of the getAssetPrice function in the chainlinkAdaptor contract lacks a check on the heartbeat of the data feed, so it can consume stale data. The issue is exacerbated by the fact that different assets such as stETH, rETH, and cbETH have distinct heartbeat intervals. Failing to account for these differences may result in the use of outdated prices, leading to inaccurate calculations and potentially causing financial losses for users. Additionally, the use of a deprecated Chainlink function (latestAnswer) is another concern, although that aspect is covered in a separate analysis.

Proof of Concept

```solidity
/// @notice Fetches Asset/ETH exchange rate
/// @param asset the asset for which exchange rate is required
/// @return assetPrice exchange rate of asset
function getAssetPrice(address asset) external view onlySupportedAsset(asset) returns (uint256) {
    // latestAnswer() returns only the answer: no updatedAt timestamp, so staleness cannot be checked
    return AggregatorInterface(assetPriceFeed[asset]).latestAnswer(); //@audit add heartbeat
}
```

In the above implementation of the getAssetPrice function, the code uses Chainlink to fetch the price of an asset such as stETH, rETH, or cbETH. While the bot race issue is covered in a separate analysis, the heartbeat issue is not addressed. The absence of heartbeat verification is problematic, given that these assets have different heartbeat intervals and deviation thresholds. This disparity in heartbeat intervals could lead to significant price deviations, potentially resulting in financial losses for users. Notably, this function is used in getRsETHAmountToMint.

See the details of these assets' feeds on Chainlink:

https://data.chain.link/base/base/crypto-eth/steth-eth
https://data.chain.link/ethereum/mainnet/crypto-eth/cbeth-eth
https://data.chain.link/ethereum/mainnet/crypto-eth/reth-eth

Tools Used

Manual Review

Recommended Mitigation Steps

1. Heartbeat Verification:
* Implement heartbeat verification in the getAssetPrice function to ensure that only fresh data is utilized.
* Consider utilizing different heartbeat intervals for distinct assets to align with their respective data feed characteristics.
2. Consider TWAP Oracle:
* Explore the use of Time-Weighted Average Price (TWAP) oracles as an alternative to mitigate potential issues associated with varying heartbeat intervals.
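One way to implement the per-asset heartbeat check from step 1, written here as an added example and not code from the Kelp project: it replaces latestAnswer() with latestRoundData() so the feed's updatedAt timestamp is available, and stores a hypothetical per-asset staleness window (assetHeartbeat) beside the feed address. The contract name, the setFeed setter and the error names are assumptions; access control on the setter is omitted.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Minimal copy of Chainlink's AggregatorV3Interface so this file compiles stand-alone.
interface AggregatorV3Interface {
    function latestRoundData()
        external
        view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

/// @notice Hypothetical adaptor that rejects stale or invalid feed answers per asset
contract HeartbeatCheckedAdaptor {
    // asset => Chainlink feed address (same role as assetPriceFeed in the original contract)
    mapping(address => address) public assetPriceFeed;
    // asset => maximum accepted answer age in seconds (feed heartbeat plus a small grace period)
    mapping(address => uint256) public assetHeartbeat;

    error FeedNotConfigured(address asset);
    error InvalidPrice(int256 answer);
    error StalePrice(address asset, uint256 updatedAt, uint256 maxAge);

    // Assumed admin-only in a real deployment; e.g. stETH/ETH and rETH/ETH get different heartbeats here.
    function setFeed(address asset, address feed, uint256 heartbeat) external {
        assetPriceFeed[asset] = feed;
        assetHeartbeat[asset] = heartbeat;
    }

    /// @notice Fetches Asset/ETH exchange rate, reverting if the feed answer is stale or invalid
    function getAssetPrice(address asset) external view returns (uint256) {
        address feed = assetPriceFeed[asset];
        uint256 maxAge = assetHeartbeat[asset];
        if (feed == address(0) || maxAge == 0) revert FeedNotConfigured(asset);

        (, int256 answer, , uint256 updatedAt, ) = AggregatorV3Interface(feed).latestRoundData();

        // A zero or negative answer means the feed has no valid price for this round.
        if (answer <= 0) revert InvalidPrice(answer);
        // The feed is expected to update at least once per heartbeat; anything older is stale.
        if (updatedAt == 0 || block.timestamp - updatedAt > maxAge) {
            revert StalePrice(asset, updatedAt, maxAge);
        }

        return uint256(answer);
    }
}
```

Callers such as getRsETHAmountToMint then revert instead of minting against an outdated price, so the heartbeat values configured per asset become a visible, auditable part of the oracle setup.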

Assessed type

Oracle

