Missing/Improper Check on Oracle Data
What it detects
This detector flags functions that read prices or data from an oracle but skip sanity checks. Unvalidated data can be manipulated or erroneous, causing mispriced trades or state corruption.
Typical symptoms
- Oracle value used directly with no bounds check
- External call result assumed to be trustworthy
Solidity snippet (v0.8.25)
```solidity
pragma solidity ^0.8.25;

// Minimal oracle interface assumed by the snippet (declared so the example compiles)
interface IOracle {
    function latestAnswer() external view returns (uint256);
}

contract PriceFeed {
    IOracle public oracle;

    function price() external view returns (uint256) {
        // No validation of the oracle response: sign, freshness and bounds are all unchecked
        return oracle.latestAnswer();
    }
}
```
Why it matters on EVM
Relying on unchecked oracle data leaves a protocol exposed both to deliberate manipulation and to plain mistakes in off-chain feeds; either one produces mispriced trades or corrupted state.
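A hardened counterpart to the snippet above, added here as an example for this page rather than code from the detector or any project. Because a bare `latestAnswer()` carries no timestamp or round metadata to validate, the example reads through a Chainlink-style `latestRoundData()` instead; the interface is a minimal subset of Chainlink's `AggregatorV3Interface`, and the contract name `CheckedPriceFeed`, the parameters `maxStaleness`, `minAnswer` and `maxAnswer`, and the custom errors are assumptions of the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.25;

// Subset of Chainlink's AggregatorV3Interface; latestRoundData has the real signature,
// only the functions needed here are copied (assumption: the feed follows this interface).
interface AggregatorV3Interface {
    function decimals() external view returns (uint8);
    function latestRoundData()
        external
        view
        returns (
            uint80 roundId,
            int256 answer,
            uint256 startedAt,
            uint256 updatedAt,
            uint80 answeredInRound
        );
}

/// @notice Hardened price reader: every oracle response is validated before it is returned.
contract CheckedPriceFeed {
    AggregatorV3Interface public immutable oracle;
    uint256 public immutable maxStaleness; // seconds a round may be old (assumed parameter)
    uint256 public immutable minAnswer;    // plausibility floor, in feed decimals (assumed parameter)
    uint256 public immutable maxAnswer;    // plausibility ceiling, in feed decimals (assumed parameter)

    error OracleZeroAddress();
    error InvalidBounds();
    error NonPositiveAnswer(int256 answer);
    error StaleRound(uint256 updatedAt, uint256 nowTs);
    error IncompleteRound(uint80 roundId, uint80 answeredInRound);
    error AnswerOutOfBounds(uint256 answer);

    constructor(address oracle_, uint256 maxStaleness_, uint256 minAnswer_, uint256 maxAnswer_) {
        if (oracle_ == address(0)) revert OracleZeroAddress();
        if (maxStaleness_ == 0 || minAnswer_ == 0 || minAnswer_ >= maxAnswer_) revert InvalidBounds();
        oracle = AggregatorV3Interface(oracle_);
        maxStaleness = maxStaleness_;
        minAnswer = minAnswer_;
        maxAnswer = maxAnswer_;
    }

    /// @notice Returns the latest validated price, reverting on any anomaly
    ///         instead of passing a bad value to downstream pricing logic.
    function price() external view returns (uint256) {
        (uint80 roundId, int256 answer, , uint256 updatedAt, uint80 answeredInRound) =
            oracle.latestRoundData();

        // 1. Sign/zero check: a zero or negative answer is never a valid price.
        if (answer <= 0) revert NonPositiveAnswer(answer);

        // 2. Freshness: updatedAt == 0 means the round never completed; a timestamp in the
        //    future is malformed; an old timestamp means the feed missed its heartbeat.
        if (
            updatedAt == 0 ||
            updatedAt > block.timestamp ||
            block.timestamp - updatedAt > maxStaleness
        ) revert StaleRound(updatedAt, block.timestamp);

        // 3. Round completeness: the answer must belong to the requested round or a later one,
        //    not be carried over from an earlier round.
        if (answeredInRound < roundId) revert IncompleteRound(roundId, answeredInRound);

        // 4. Plausibility bounds: reject values outside the range the protocol expects,
        //    which catches fat-finger feed errors as well as implausible manipulated prices.
        uint256 p = uint256(answer);
        if (p < minAnswer || p > maxAnswer) revert AnswerOutOfBounds(p);

        return p;
    }
}
```

Two caveats on the checks: `answeredInRound` is marked deprecated in current Chainlink documentation, so step 3 should be kept only for feeds that still populate it meaningfully; and the consumer-side bounds in step 4 are not redundant with the aggregator's own min/max circuit breaker, because that breaker reports the clamped boundary value rather than reverting, so a consumer that trusts the answer blindly keeps pricing at the boundary. Callers that need the price in a fixed scale should also read `decimals()` once and convert, rather than assuming a particular number of decimals.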