15,000 USDC
Submission Details
Severity: medium
Valid

User collateral will be permanently lost if Oracle price feeds stop working

Summary

Calls to Oracles can revert, which may result in a complete Denial-of-Service for the smart contracts that depend on them. Chainlink multisigs can immediately block access to price feeds at will, so a price feed that is working today will not necessarily continue to do so indefinitely.

Vulnerability Details

Oracle price feeds are set up once in DSCEngine.constructor() and there is no way to remove or update them. There is also no secondary price mechanism, such as a UniswapV3 TWAP, in case the price oracles fail.

Impact

If a configured Oracle feed malfunctions or ceases operating, and the smart contract has no alternative data source and does not allow its data sources to be updated, that contract will be permanently bricked.

This would be especially bad for stablecoin protocols and lending/borrowing platforms where large amounts of user value are stored in the form of collateral that would no longer be able to be withdrawn due to calls to the price oracles reverting.

Tools Used

Manual

Recommendations

  • Wrap calls to Oracles in try/catch blocks and deal appropriately with any errors,

  • Use secondary Oracles or other data sources such as UniswapV3 TWAP to provide redundancy in case one data source is down,

  • Provide functionality to replace or update oracle feeds after they are configured.
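The three recommendations combined in one price reader, as an added example that is not code from the audited project. `ResilientPriceReader`, `IFallbackPriceSource`, `setSources` and the single-owner access control are hypothetical names and assumptions; only `latestRoundData()` is Chainlink's real aggregator call, and both sources are assumed to report prices with the same decimals.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Chainlink's aggregator interface, trimmed to the one call used here.
interface AggregatorV3Interface {
    function latestRoundData() external view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

// Hypothetical secondary source (for example an adapter over a UniswapV3 TWAP).
interface IFallbackPriceSource {
    function getPrice(address token) external view returns (uint256);
}

contract ResilientPriceReader {
    error NoPriceAvailable(address token);

    address public immutable owner; // assumption: one admin; production code would use governance
    mapping(address => AggregatorV3Interface) public primaryFeed;
    mapping(address => IFallbackPriceSource) public fallbackSource;

    modifier onlyOwner() { require(msg.sender == owner, "not owner"); _; }

    constructor() { owner = msg.sender; }

    // Recommendation 3: sources can be replaced after deployment.
    function setSources(address token, AggregatorV3Interface feed, IFallbackPriceSource fb) external onlyOwner {
        primaryFeed[token] = feed;
        fallbackSource[token] = fb;
    }

    // Recommendations 1 and 2: a revert or non-positive answer from the primary
    // feed falls through to the secondary source instead of bubbling up.
    function getPrice(address token) public view returns (uint256) {
        AggregatorV3Interface feed = primaryFeed[token];
        // try/catch does not catch a call to an address without code, so check first.
        if (address(feed).code.length != 0) {
            try feed.latestRoundData() returns (uint80, int256 answer, uint256, uint256, uint80) {
                if (answer > 0) return uint256(answer);
            } catch {}
        }
        IFallbackPriceSource fb = fallbackSource[token];
        if (address(fb).code.length != 0) {
            try fb.getPrice(token) returns (uint256 p) {
                if (p > 0) return p;
            } catch {}
        }
        revert NoPriceAvailable(token); // both sources failed: explicit, typed error
    }
}
```

When both sources fail the reader still reverts, so withdrawal paths that must stay available need their own handling of `NoPriceAvailable`.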
