Stale Oracle
What it detects
The detector checks whether contracts reference oracle values without verifying their freshness. If updates are infrequent or timestamps are ignored, operations may execute using obsolete information.
Typical symptoms
- Oracle timestamp or block number not validated
- Price feeds remaining unchanged for long periods
Solidity snippet (v0.8.25)
pragma solidity ^0.8.25;

contract PriceConsumer {
    uint256 public lastPrice;
    uint256 public lastUpdate;

    function update(uint256 price) external {
        lastPrice = price;
        lastUpdate = block.timestamp;
    }

    function trade() external view returns (uint256) {
        // Uses price regardless of how old it is
        return lastPrice;
    }
}
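A hardened counterpart to the snippet above, added here as an illustration and not part of the original page: trade() reverts when the stored price has never been set or is older than a freshness window. The contract name, MAX_AGE, the updater address and the error names are assumptions chosen for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.25;

// Added example (not the page's code): PriceConsumer with a freshness check.
contract FreshPriceConsumer {
    // Assumed freshness window; choose it from the feed's real update cadence.
    uint256 public constant MAX_AGE = 1 hours;

    // Assumed trusted reporter. Without this restriction any caller could
    // reset lastUpdate and make an arbitrary price look fresh.
    address public immutable updater;

    uint256 public lastPrice;
    uint256 public lastUpdate;

    error NotUpdater();
    error PriceNeverSet();
    error StalePrice(uint256 age, uint256 maxAge);

    constructor(address updater_) {
        updater = updater_;
    }

    function update(uint256 price) external {
        if (msg.sender != updater) revert NotUpdater();
        lastPrice = price;
        lastUpdate = block.timestamp;
    }

    function trade() external view returns (uint256) {
        // lastUpdate == 0 means update() has never run, so lastPrice is
        // only the default value 0 and must not be used as a price.
        if (lastUpdate == 0) revert PriceNeverSet();

        // Age of the stored price in seconds. block.timestamp never goes
        // backwards, so this subtraction cannot underflow.
        uint256 age = block.timestamp - lastUpdate;
        if (age > MAX_AGE) revert StalePrice(age, MAX_AGE);

        return lastPrice;
    }
}
```

The same pattern applies when the feed reports a block number instead of a timestamp: compare block.number against the reported block and bound the difference.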
Why it matters on EVM
Executing financial logic with stale oracle data can trigger incorrect trades or allow manipulative strategies that exploit outdated prices.