⬇️Using Deprecated Functions
Impact: Leveraging deprecated functions from an oracle can produce unintended consequences. For instance, a function might no longer return accurate data, or it might behave differently than intended, leading to inaccurate results. Furthermore, there might be significant changes in the way data is represented, such as variances in the number of decimals. If a protocol doesn't adapt to these changes, it might fetch or process data incorrectly.
Proof of Concept:
Consider a DeFi protocol that uses the latestAnswer
function from the Chainlink API, a function now deprecated. While the function might still be operational, its behavior has changed over time. In certain scenarios, it might return a value of '0' if no answer is available, instead of providing an error. Additionally, there can be discrepancies in the returned data format, such as differences in decimal representation for various types of data.
Recommended Mitigation Steps:
Stay Updated: Protocol developers should periodically review the documentation of the oracle services they use. Being aware of any changes, upgrades, or deprecations can prevent potential pitfalls.
Adopt Best Practices: Instead of hardcoding specific function behaviors or data formats, it's more reliable to fetch such details directly from the oracle. For instance, instead of assuming a fixed decimal count, fetch it from the oracle to ensure accuracy.
Use Updated Functions: For our Chainlink example, the deprecated
latestAnswer
function can be replaced with thelatestRoundData
function, which provides comprehensive data and allows for better error handling.
Last updated