Omniscia DAFI Audit

PriceFeeds Manual Review Findings

Description:

The latestRoundData retrieved from the Chainlink oracle in the getThePrice function is not properly sanitized.

Example:

contracts/network
function getThePrice() public view override returns (uint) {
    (
        ,
        int price,
        ,
        ,
    ) = priceFeed.latestRoundData();
    return uint(price);
}

Recommendation:

We advise introducing a check that answeredInRound lies within a certain threshold of rounds of roundId, so that the contract does not process stale data. This particular issue is highlighted in the Chainlink developer documentation.
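
One way to apply the recommended check, as an added example that is not code from the audited project or from the audit itself. The contract name CheckedPriceFeed and the thresholds maxRoundLag and maxAge are assumptions, and the positive-price and update-age checks go beyond the round comparison recommended above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Subset of Chainlink's AggregatorV3Interface, declared inline so the example is self-contained.
interface AggregatorV3Interface {
    function latestRoundData() external view returns (
        uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound
    );
}

// Hypothetical contract (assumption): illustrates the checks, not the audited PriceFeeds code.
contract CheckedPriceFeed {
    AggregatorV3Interface public immutable priceFeed;
    // Assumed threshold: how many rounds answeredInRound may trail roundId.
    uint80 public immutable maxRoundLag;
    // Assumed threshold: maximum age of the answer in seconds.
    uint256 public immutable maxAge;

    constructor(AggregatorV3Interface feed, uint80 roundLag, uint256 age) {
        priceFeed = feed;
        maxRoundLag = roundLag;
        maxAge = age;
    }

    function getThePrice() public view returns (uint256) {
        (uint80 roundId, int256 price, , uint256 updatedAt, uint80 answeredInRound) =
            priceFeed.latestRoundData();

        // A zero or negative answer would otherwise be cast to a zero or very large uint.
        require(price > 0, "price not positive");
        // updatedAt == 0 means the round has not been completed.
        require(updatedAt != 0, "round incomplete");
        // The check recommended above: the answer must come from a recent enough round.
        require(answeredInRound <= roundId, "answer round ahead of roundId");
        require(roundId - answeredInRound <= maxRoundLag, "stale round");
        // Additional check: bound the answer's age. With checked arithmetic (0.8+),
        // an updatedAt in the future underflows and reverts, so the call fails closed.
        require(block.timestamp - updatedAt <= maxAge, "stale timestamp");

        return uint256(price);
    }
}
```

Each require reverts the call, so a consumer of getThePrice never receives a price that failed a check.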

Alleviation:

The team developed a replacement PriceFeeds implementation labelled DIAPriceFeed that does not interface with Chainlink, thus rendering this implementation redundant; the finding was left unfixed in it.