# Chainlink: Using latestAnswer instead of latestRoundData {% hint style="info" %} [**Book an audit with Zokyo**](https://www.zokyo.io/) {% endhint %} ## Chainlink - Use latestRoundData instead latestAnswer to run more validations In `UniswapV3Oracle.sol`, the `latestAnswer` method is invoked to retrieve the most recent WETH price. While this method provides the last recorded value, it does not offer any mechanism to verify the timeliness of this data, which is crucial for maintaining the accuracy and reliability of price information used in transactions. An alternative approach would be to utilize the `latestRoundData` method, as it allows for additional validations to ensure that the price data is current and reliable. Below is a code snippet demonstrating how to implement these additional checks: ```solidity solidityCopy code( roundId, rawPrice, , updateTime, answeredInRound ) = AggregatorV3Interface(XXXXX).latestRoundData(); require(rawPrice > 0, "Chainlink price <= 0"); require(updateTime != 0, "Incomplete round"); require(answeredInRound >= roundId, "Stale price"); ``` With these checks, you can ensure not only that the price is greater than zero but also that it comes from a completed round and is not outdated. This additional layer of validation provides a more secure and reliable price for use in transactions and other critical operations. For further details on verifying whether the answer from a round is being carried over from a previous one, refer to Chainlink's [official documentation](https://docs.chain.link/docs/faq/#how-can-i-check-if-the-answer-to-a-round-is-being-carried-over-from-a-previous-round). ## Usage of deprecated ChainLink API in `EIP1271Wallet` #### Vulnerability Details The `EIP1271Wallet` contract utilizes the deprecated `latestAnswer` method from the Chainlink API: > “This API is deprecated. Please see the API Reference for the latest Price Feed API.” - [Chainlink Docs](https://docs.chain.link/docs/) This deprecated function presents risks as it returns '0' without throwing an error if no answer is available. Moreover, it reports `latestAnswer` with varying decimals: 18 decimals for crypto quotes and 8 for FX quotes, leading to inconsistency (detailed in the [Chainlink FAQ](https://docs.chain.link/docs/faq/)). It’s advisable to dynamically fetch the decimals from the oracle to avoid hard-coding and potential discrepancies in the contract. #### Recommended Mitigation Steps To resolve this vulnerability, replace the `latestAnswer` method with the `latestRoundData` function for price retrieval. Additionally, incorporate checks and appropriate revert messages for stale prices or incomplete rounds to enhance contract robustness: ```solidity solidityCopy code(uint80 roundID, int256 price, , uint256 timeStamp, uint80 answeredInRound) = priceOracle.latestRoundData(); require(answeredInRound >= roundID, "Stale price detected"); require(timeStamp != 0, "Incomplete round detected"); ``` These amendments ensure accurate, consistent, and timely price data retrieval, mitigating risks associated with deprecated functions and data inconsistencies. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://zokyo-auditing-tutorials.gitbook.io/zokyo-tutorials/tutorial-15-oracles/found-vulnerabilities-in-oracle-implementations/chainlink-using-latestanswer-instead-of-latestrounddata.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.