
[contracts] Add oracle contract with price staleness detection as a security example #1028

Description

@CelestinaBeing

Context

contracts/oracle/ exists. An oracle contract that demonstrates price staleness detection (reading stale prices as a vulnerability) would make a good S006 teaching example.

Work

  • Add a get_price_unsafe(asset) function that reads without checking staleness (triggers S006)
  • Add a get_price_safe(asset, max_age_ledgers) function that checks freshness
  • Add set_price(asset, price, timestamp) admin function
  • Write tests that verify staleness detection works correctly
  • Add Sanctifier analysis showing S006 on the unsafe variant

Acceptance criteria

  • sanctifier analyze contracts/oracle finds S006 on get_price_unsafe
  • get_price_safe does not trigger S006
  • Tests cover: fresh price, stale price, missing price
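
A simplified model of the two read paths requested above, added here as an illustration and not code from the repository. It is plain Rust with an in-memory map rather than `soroban_sdk`, omits the admin authorization check, and assumes the stored timestamp and the caller-supplied `now` are both ledger sequence numbers; the `OracleError` type, the `now` parameter and the rejection of future-dated entries are assumptions of this example.

```rust
use std::collections::HashMap;

// Assumed error type for this example; not taken from the repository.
#[derive(Debug, PartialEq)]
pub enum OracleError { MissingPrice, StalePrice, FutureDated }

struct Entry { price: i128, updated_at: u32 }

#[derive(Default)]
pub struct Oracle { prices: HashMap<String, Entry> }

impl Oracle {
    // Admin-only in a real contract; the authorization check is omitted here.
    pub fn set_price(&mut self, asset: &str, price: i128, timestamp: u32) {
        self.prices.insert(asset.to_string(), Entry { price, updated_at: timestamp });
    }

    // Unsafe variant: returns the stored price no matter how old it is,
    // so a consumer cannot tell a fresh quote from an abandoned feed.
    pub fn get_price_unsafe(&self, asset: &str) -> Option<i128> {
        self.prices.get(asset).map(|e| e.price)
    }

    // Safe variant: fails closed on a missing, stale or future-dated entry.
    // `now` is the current ledger sequence (assumed parameter).
    pub fn get_price_safe(&self, asset: &str, max_age_ledgers: u32, now: u32)
        -> Result<i128, OracleError>
    {
        let e = self.prices.get(asset).ok_or(OracleError::MissingPrice)?;
        // checked_sub: a timestamp ahead of `now` must not wrap or count as age 0.
        let age = now.checked_sub(e.updated_at).ok_or(OracleError::FutureDated)?;
        if age > max_age_ledgers {
            return Err(OracleError::StalePrice);
        }
        Ok(e.price)
    }
}

fn main() {
    let mut oracle = Oracle::default();
    oracle.set_price("XLM", 1_200_000, 100); // constructed sample value
    // 400 ledgers later the unsafe read still succeeds; the safe read refuses.
    println!("unsafe: {:?}", oracle.get_price_unsafe("XLM"));
    println!("safe:   {:?}", oracle.get_price_safe("XLM", 10, 500));
}
```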
