# Lack of return data validation


**Impact:** Using stale, inaccurate, or unchecked data can lead to a multitude of problems. For DeFi protocols, these issues can result in financial losses, inaccurate calculations, or even system failures. The integrity of the entire system can be compromised if it relies on unvalidated or outdated data.

**Proof of Concept:**

1. **Stale Data from Latest Answer:** Some protocols leverage functions like `latestAnswer` to fetch the latest price. While this might sound apt, it doesn't guarantee the freshness of data. For example:

```
int256 latestPrice = oracle.latestAnswer();
```

Without further validation, this data could be outdated, leading to miscalculations.

2. **Incomplete Round Checks:** Fetching data without validating its round or timestamp could result in the protocol using data from incomplete or stale rounds. For instance:

```
(, int256 feedPrice, , uint256 timestamp, ) = feed.latestRoundData();
```

If crucial checks like `timestamp != 0` or checks on `answeredInRound` are missed, the protocol might unwittingly use unreliable data.

3. **Misunderstanding Oracle's Return Data:** The value returned by `latestRoundData` does not necessarily represent the current asset price. The protocol may need to actively query the oracle and wait for a callback to ensure that the most up-to-date and accurate data is received.
4. **Ignoring Timestamps:** Ignoring the `updatedAt` timestamps from oracle data can have dire consequences. Stale data might continue to be used, especially if there's a disruption in the oracle's update mechanism.

**Recommended Mitigation Steps:**

1. **Implement Comprehensive Checks:** Whenever data is fetched from an oracle, validate it comprehensively. Use checks like:

```
(uint80 roundID, int256 price, , uint256 timeStamp, uint80 answeredInRound) = oracle.latestRoundData();
require(price > 0, "Invalid price data");
require(timeStamp != 0, "Incomplete round");
require(answeredInRound >= roundID, "Stale data detected");
```

2. **Stay Updated with Oracle Documentation:** Continuously monitor and review oracle documentation to understand any changes or recommended best practices. This helps in adapting to the oracle's evolving standards.
3. **Active Oracle Querying:** Instead of solely relying on fetching the latest available data, actively query the oracle for the most recent data and wait for a callback, ensuring data accuracy.
4. **Ensure Data Freshness:** Always verify that the data received from the oracle is recent.
5. **Leverage Multiple Oracle Sources:** To prevent dependence on a single data point, use multiple oracles or aggregated data sources. This not only ensures data reliability but also helps in filtering out outliers.
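
The following is an added example, not code from the original page or from any audited project. It combines the checks from mitigation step 1 with the freshness check from step 4. The contract name, the custom errors and the `maxAge` parameter are assumptions made for illustration; the interface mirrors the `latestRoundData` return tuple used above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal feed interface: only the call used on this page.
interface IAggregatorV3 {
    function latestRoundData() external view returns (
        uint80 roundId,
        int256 answer,
        uint256 startedAt,
        uint256 updatedAt,
        uint80 answeredInRound
    );
}

// Hypothetical consumer contract (illustrative names, not a real project's API).
contract ValidatedPriceReader {
    IAggregatorV3 public immutable feed;
    // Assumption: maximum accepted age of an answer, in seconds.
    // Set it per feed, based on how often that feed is expected to update.
    uint256 public immutable maxAge;

    error InvalidPrice(int256 answer);
    error IncompleteRound();
    error StaleRound(uint80 roundId, uint80 answeredInRound);
    error StalePrice(uint256 updatedAt, uint256 currentTime);

    constructor(IAggregatorV3 feed_, uint256 maxAge_) {
        feed = feed_;
        maxAge = maxAge_;
    }

    /// @notice Returns the feed answer only if every validation check passes.
    function readPrice() external view returns (uint256) {
        (uint80 roundId, int256 answer, , uint256 updatedAt, uint80 answeredInRound) =
            feed.latestRoundData();

        // Same three checks as the require() statements in step 1.
        if (answer <= 0) revert InvalidPrice(answer);
        if (updatedAt == 0) revert IncompleteRound();
        if (answeredInRound < roundId) revert StaleRound(roundId, answeredInRound);

        // Step 4: reject answers from the future or older than maxAge.
        // The first condition also guards the subtraction against underflow.
        if (updatedAt > block.timestamp || block.timestamp - updatedAt > maxAge) {
            revert StalePrice(updatedAt, block.timestamp);
        }
        return uint256(answer); // safe cast: answer > 0 was checked above
    }
}
```

Reverting on any failed check means a disrupted feed halts price-dependent operations instead of letting them proceed on an old value; callers that need a fallback can catch the revert and consult a second source, as step 5 suggests.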

