Foundry DeFi Stablecoin CodeHawks Audit Contest
Cyfrin
DeFiFoundry
15,000 USDC
View results
Previous Next
Submission Details
Severity: medium

If a token's oracle goes down or price falls to zero, liquidations will be frozen

owade

Summary

Chainlink has taken oracles offline in extreme cases. For example, during the UST collapse, Chainlink paused the UST/ETH price oracle, to ensure that it wasn't providing inaccurate data to protocols.If the oracle price lookup reverts, liquidations will be frozen, and the user will be immune to liquidations.

Vulnerability Details

In DSCEngine.sol

function _getUsdValue(address token, uint256 amount) private view returns (uint256) {
AggregatorV3Interface priceFeed = AggregatorV3Interface(s_priceFeeds[token]);
(, int256 price,,,) = priceFeed.staleCheckLatestRoundData();
//@audit ChainlinkAdapterOracle will return the wrong price for asset if underlying aggregator hits minAnswer
//@audit check for sequencer on arbitrum or l@ chains
// 1 ETH = 1000 USD
// The returned value from Chainlink will be 1000 * 1e8
// Most USD pairs have 8 decimals, so we will just pretend they all do
// We want to have everything in terms of WEI, so we add 10 zeros at the end
return ((uint256(price) * ADDITIONAL_FEED_PRECISION) * amount) / PRECISION;
}

Impact

Liquidations may not be possible at a time when the protocol needs them most. As a result, the value of user's asset may fall below their debts, turning off any liquidation incentive and pushing the protocol into insolvency.

Tools Used

Manual Review

Recommendations

Ensure there is a safeguard in place to protect against this possibility.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.