Oracle Data Freshness
Detects oracle price usage without staleness validation.
Oracle Data Freshness
Overview
The oracle data freshness detector identifies DeFi protocols that read oracle price data (Pyth, Switchboard, Chainlink) without validating staleness. Using stale price data can lead to incorrect valuations, liquidations at wrong prices, or arbitrage opportunities for attackers.
For remediation guidance, see Oracle Data Freshness Remediation.
Why This Is an Issue
Oracle price feeds have publish timestamps that indicate when the price was last updated. During network congestion, validator downtime, or oracle infrastructure issues, price feeds can become stale — reflecting prices from minutes or hours ago. Programs that use stale prices for lending, liquidation, or swap calculations expose users to significant losses. An attacker monitoring oracle staleness can execute trades at known-outdated prices for risk-free profit.
How to Resolve
Before (Vulnerable)
// Vulnerable: no staleness check on oracle price
let price_feed = load_price_feed(&ctx.accounts.oracle)?;
let price = price_feed.get_price_unchecked();
let value = amount * price.price as u64 / PRECISION;After (Fixed)
// Fixed: validate price staleness and confidence
let price_feed = load_price_feed(&ctx.accounts.oracle)?;
let clock = Clock::get()?;
let price = price_feed.get_price_no_older_than(
clock.unix_timestamp, MAX_STALENESS_SECS
)?;
require!(price.conf < MAX_CONFIDENCE_INTERVAL, ErrorCode::PriceUncertain);
let value = amount * price.price as u64 / PRECISION;Example JSON Finding
{
"detector": "oracle-data-freshness",
"severity": "high",
"confidence": 0.85,
"message": "Oracle price read without staleness validation -- stale prices enable exploitation",
"location": { "function": "calculate_value", "block": 1, "statement": 2 }
}Detection Methodology
- Oracle read identification: Detects account data reads from accounts with oracle-like access patterns (Pyth, Switchboard).
- Timestamp comparison search: Checks for Clock sysvar reads and comparisons against oracle publish timestamps.
- Confidence interval check: Looks for validation of the oracle’s confidence/uncertainty interval.
- Staleness threshold verification: Flags oracle reads not preceded by a timestamp-based staleness check.
Limitations
False positives: Programs that use oracle data for non-critical display purposes may be flagged. False negatives: Custom oracle implementations with non-standard interfaces may not be recognized.
Related Detectors
- Oracle Manipulation — broader oracle manipulation issues
- Price Impact — missing price impact checks
- Slippage Protection — missing slippage bounds