⬇️Using Deprecated Functions

Book an audit with Zokyo

Impact: Leveraging deprecated functions from an oracle can produce unintended consequences. For instance, a function might no longer return accurate data, or it might behave differently than intended, leading to inaccurate results. Furthermore, there might be significant changes in the way data is represented, such as variances in the number of decimals. If a protocol doesn't adapt to these changes, it might fetch or process data incorrectly.

Proof of Concept:

Consider a DeFi protocol that uses the latestAnswer function from the Chainlink API, a function now deprecated. While the function might still be operational, its behavior has changed over time. In certain scenarios, it might return a value of '0' if no answer is available, instead of providing an error. Additionally, there can be discrepancies in the returned data format, such as differences in decimal representation for various types of data.

Recommended Mitigation Steps:

Stay Updated: Protocol developers should periodically review the documentation of the oracle services they use. Being aware of any changes, upgrades, or deprecations can prevent potential pitfalls.
Adopt Best Practices: Instead of hardcoding specific function behaviors or data formats, it's more reliable to fetch such details directly from the oracle. For instance, instead of assuming a fixed decimal count, fetch it from the oracle to ensure accuracy.
Use Updated Functions: For our Chainlink example, the deprecated latestAnswer function can be replaced with the latestRoundData function, which provides comprehensive data and allows for better error handling.

PreviousThe Danger of Single Oracle Dependence NextLack of return data validation

Last updated 1 year ago