-
Notifications
You must be signed in to change notification settings - Fork 3
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
3 changed files
with
79 additions
and
0 deletions.
There are no files selected for viewing
25 changes: 25 additions & 0 deletions
25
vulnerable_contracts/unchecked_chainlink_oracle_price/README.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,25 @@ | ||
| # Unchecked Chainlink Oracle Price | ||
| An intentionally vulnerable Foundry project. | ||
|
|
||
| ```bash | ||
| tree | ||
| . | ||
| ├── foundry.toml # Contract's root | ||
| ├── src/ | ||
| │ └── unchecked_chainlink_oracle_price.sol # Vulnerable contract | ||
| ``` | ||
| ## Usage | ||
|
|
||
| ### Build | ||
|
|
||
| Download chainlink dependencies to build. | ||
|
|
||
| ```bash | ||
| forge build | ||
| ``` | ||
|
|
||
| ### Test | ||
|
|
||
| ```bash | ||
| forge test | ||
| ``` |
4 changes: 4 additions & 0 deletions
4
vulnerable_contracts/unchecked_chainlink_oracle_price/foundry.toml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,4 @@ | ||
| [profile.default] | ||
| src = "src" | ||
| out = "out" | ||
| libs = ["lib"] |
50 changes: 50 additions & 0 deletions
50
...rable_contracts/unchecked_chainlink_oracle_price/src/unchecked_chainlink_oracle_price.sol
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,50 @@ | ||
| // SPDX-License-Identifier: MIT | ||
| pragma solidity ^0.8.20; | ||
|
|
||
| // Import the Chainlink AggregatorV3Interface | ||
| import "chainlink-brownie-contracts/contracts/src/v0.8/interfaces/AggregatorV3Interface.sol"; | ||
|
|
||
| contract LatestBadContract { | ||
| AggregatorV3Interface internal priceFeed; | ||
| int256 public minAnswer; | ||
|
|
||
| /** | ||
| * Constructor takes the address of a Chainlink Data Feed contract. | ||
| */ | ||
| constructor(address _priceFeed, int256 _minAnswer) { | ||
| priceFeed = AggregatorV3Interface(_priceFeed); | ||
| minAnswer = _minAnswer; // Set the minimum acceptable answer | ||
| } | ||
|
|
||
| /** | ||
| * Returns the latest round data from the Chainlink Data Feed. | ||
| */ | ||
| function getLatestRoundData() | ||
| public | ||
| view | ||
| returns ( | ||
| uint80 roundId, | ||
| int256 answer, | ||
| uint256 startedAt, | ||
| uint256 updatedAt, | ||
| uint80 answeredInRound | ||
| ) | ||
| { | ||
| ( | ||
| uint80 id, | ||
| int256 price, | ||
| uint256 started, | ||
| uint256 updated, | ||
| uint80 answeredRound | ||
| ) = priceFeed.latestRoundData(); | ||
|
|
||
| // No check here! fix suggestion examples: | ||
| // require(price >= minAnswer, "Price below minimum accepted value"); | ||
| // or | ||
| // if (price < minAnswer) { | ||
| // revert("Error: Price below minimum expected value"); | ||
| // } | ||
|
|
||
| return (id, price, started, updated, answeredRound); | ||
| } | ||
| } |