Open
Description
When calling latestRoundData() in AaveOracle.sol, Chainlink's updatedAt parameter is ignored. As a result, the protocol can perform liquidations and collateral accounting on old (stale) prices, which is a major risk to system solvency.
## Vulnerability Detail

```solidity
// SPDX-License-Identifier: UNLICENSED
pragma solidity ^0.8.0;

import 'tests/unit/Hub/HubBase.t.sol';

contract OracleStalePricePoC is HubBase {
    function test_OracleAcceptsStalePrice() public {
        // Move time forward so the subtraction below cannot underflow on a fresh test chain
        vm.warp(block.timestamp + 7 days);
        uint256 veryOldTimestamp = block.timestamp - 7 days; // 7-day-old price
        int256 mockPrice = 2500e8;

        // Mocking Chainlink to return a stale timestamp
        vm.mockCall(
            address(mockAggregator),
            abi.encodeWithSelector(AggregatorV3Interface.latestRoundData.selector),
            abi.encode(1, mockPrice, veryOldTimestamp, veryOldTimestamp, 1)
        );

        // Price is accepted despite being 7 days old
        uint256 price = aaveOracle.getReservePrice(ethAssetId);
        assertEq(price, uint256(mockPrice), "Oracle should have reverted on stale data");
    }
}
```
In the _getSourcePrice function of AaveOracle.sol (Line 66), only the validity of the price is checked.
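A freshness check of the kind this report asks for, as an added example that is not code from the issue author or from AaveOracle.sol. The contract name `StalenessCheckedPrice`, its errors and the `maxStaleness` parameter are assumptions made for illustration; the interface is declared inline so the file compiles on its own.

```solidity
// SPDX-License-Identifier: UNLICENSED
pragma solidity ^0.8.4;

// Minimal local copy of the Chainlink aggregator interface used by the check.
interface AggregatorV3Interface {
    function latestRoundData()
        external
        view
        returns (
            uint80 roundId,
            int256 answer,
            uint256 startedAt,
            uint256 updatedAt,
            uint80 answeredInRound
        );
}

// Hypothetical wrapper (not AaveOracle.sol): rejects answers older than maxStaleness.
contract StalenessCheckedPrice {
    error InvalidPrice(int256 answer);
    error StalePrice(uint256 updatedAt, uint256 maxStaleness);

    AggregatorV3Interface public immutable source;
    // Assumed parameter: chosen per feed, e.g. its heartbeat plus a safety margin.
    uint256 public immutable maxStaleness;

    constructor(AggregatorV3Interface source_, uint256 maxStaleness_) {
        source = source_;
        maxStaleness = maxStaleness_;
    }

    function getPrice() external view returns (uint256) {
        (, int256 answer, , uint256 updatedAt, ) = source.latestRoundData();

        // Validity check on the price itself.
        if (answer <= 0) revert InvalidPrice(answer);

        // Freshness check on updatedAt. A timestamp in the future is rejected
        // first, which also keeps the subtraction from underflowing. An
        // updatedAt of 0 fails the age comparison for any realistic maxStaleness.
        if (updatedAt > block.timestamp || block.timestamp - updatedAt > maxStaleness) {
            revert StalePrice(updatedAt, maxStaleness);
        }

        return uint256(answer);
    }
}
```

With `maxStaleness` set below 7 days, the mocked round in the PoC above would make `getPrice()` revert with `StalePrice` instead of returning `2500e8`.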