Improper Use of Oracle Heartbeats
What it detects
The detector finds oracle integrations that fetch data without verifying its freshness against the oracle's heartbeat. If the heartbeat has expired, prices or other data may be outdated, leading to incorrect contract state.
Typical symptoms
- Oracle response timestamp not checked
- Heartbeat interval stored but unused
Solidity snippet (v0.8.25)
pragma solidity ^0.8.25;

contract OracleClient {
    function read() external view returns (uint256) {
        // Heartbeat not consulted
        return 42;
    }
}
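For contrast, a hardened counterpart that consults the heartbeat before returning a value. This is an added example, not the detector's or any project's own code. It assumes a feed shaped like Chainlink's AggregatorV3Interface; `IPriceFeed`, `FreshOracleClient`, the error names and the `heartbeat` value passed at deployment are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.25;

// Assumed feed shape, modelled on Chainlink's AggregatorV3Interface.
interface IPriceFeed {
    function latestRoundData()
        external
        view
        returns (
            uint80 roundId,
            int256 answer,
            uint256 startedAt,
            uint256 updatedAt,
            uint80 answeredInRound
        );
}

contract FreshOracleClient {
    IPriceFeed public immutable feed;
    // Maximum accepted age of an answer in seconds (deployment-specific assumption).
    uint256 public immutable heartbeat;

    error StalePrice(uint256 updatedAt, uint256 heartbeat);
    error InvalidPrice(int256 answer);

    constructor(IPriceFeed feed_, uint256 heartbeat_) {
        require(heartbeat_ != 0, "heartbeat=0");
        feed = feed_;
        heartbeat = heartbeat_;
    }

    function read() external view returns (uint256) {
        (, int256 answer, , uint256 updatedAt, ) = feed.latestRoundData();

        // Reject rounds that were never written and timestamps from the future.
        if (updatedAt == 0 || updatedAt > block.timestamp) {
            revert StalePrice(updatedAt, heartbeat);
        }
        // Heartbeat consulted: the answer must be no older than the interval.
        if (block.timestamp - updatedAt > heartbeat) {
            revert StalePrice(updatedAt, heartbeat);
        }
        // A non-positive answer cannot be cast to a usable price.
        if (answer <= 0) revert InvalidPrice(answer);

        return uint256(answer);
    }
}
```

Reverting on a stale answer forces callers to handle the failure explicitly instead of silently acting on an outdated price.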
Why it matters on EVM
Using stale oracle data can cause wrong pricing, faulty liquidations, or other cascading errors across DeFi protocols.