Summary

The DSCEngine contract uses a BTC/USD Chainlink oracle to determine the price of Wrapped Bitcoin (WBTC). This approach could potentially lead to significant issues if WBTC were to depeg from Bitcoin (BTC). In such a case, WBTC would no longer maintain a 1:1 value ratio with BTC, potentially leading to incorrect valuations of the asset. This could allow borrowing against a devalued asset and the accumulation of bad debt.

Vulnerability Details

The DSCEngine contract retrieves the price of WBTC using a BTC/USD Chainlink oracle. While this approach is generally correct (as WBTC is supposed to represent a 1:1 value ratio with BTC), it might lead to issues if WBTC were to depeg from BTC due to problems with the WBTC issuance or redemption process.

In this function, priceFeed is a reference to a BTC/USD Chainlink oracle. The function simply retrieves the latest BTC price and returns it as the WBTC price.

Impact

The contract might over- or under-value WBTC, which could lead to incorrect collateral ratios. If the contract allows users to borrow against devalued WBTC, it could accumulate bad debt.

Tools Used

Manual review

Recommendations

A dual oracle system for pricing WBTC is suggested. This setup would use both the BTC/USD Chainlink oracle and another on-chain liquidity-based oracle, such as UniV3 TWAP.

The dual oracle system serves two main roles:

1. It lowers the chance of price manipulation by using the Chainlink oracle, which provides accurate WBTC pricing.

2. It provides a safety net against WBTC depegging by including an on-chain liquidity-based oracle. If the price from the liquidity-based oracle deviates from the Chainlink oracle's price (e.g., drops by 2%), the system could stop borrowing activities.