If the Chainlink Aggregator Feed reverts due to a stale price, the whole protocol becomes unusable, since the most important functions such as addCollateral, liquidate, removeCollateral, mint and burn call _revertIfHealthFactorIsBroken().
Most important functions in DSCEngine.sol call _revertIfHealthFactorIsBroken(). One such example is the minting of the DSC stablecoin.
_revertIfHealthFactorIsBroken() calls _healthFactor() -> _getAccountInformation() -> getAccountCollateralValue()
getAccountCollateralValue() calls getUsdValue(), which calls the Chainlink Aggregator Feed.
The Chainlink Aggregator Feed is capable of reverting if the returned price is more than 3 hours stale.
It is also good to note that a user can use more than one type of collateral, depending on the protocol. The protocol simply aggregates all the USD value into one whole value for the user.
Let's say a user uses 10 WBTC, 10 WETH and 1 ABC token as collateral. WBTC is worth $30,000, WETH is worth $2,000 and the ABC token is worth $1. The user decides to put in 1 ABC token for fun, so his collateral is $320,001 and he can afford to take a maximum loan of $160,000.5. If the ABC token oracle on Chainlink fails, $320,000 worth of assets is locked in the protocol just because of one oracle issue. The faulty oracle should either be sidestepped or a temporary workaround should be provided.
Also noted that the protocol comments state that this functionality is by design, and that's why I set this as low severity and provide a potential solution, but I still think that it's important to find a solution instead of simply freezing the whole protocol, since a lot of money may be at stake.
Protocol does not work if one oracle feed is down.
Manual Review
Recommend diverting to the latest price of the token, or having a backup oracle like Liquity oracles...
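One way the backup-oracle recommendation could look, as an added example that is not part of DSCEngine.sol or of the original finding. FallbackPriceReader, getPrice and _tryFeed are hypothetical names, and the backup feed is assumed to quote the same pair with the same decimals as the primary.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

// Added example; contract and function names are hypothetical.
interface AggregatorV3Interface {
    function latestRoundData()
        external
        view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

contract FallbackPriceReader {
    uint256 private constant TIMEOUT = 3 hours; // staleness window described in the finding

    error FallbackPriceReader__NoFreshPrice();

    AggregatorV3Interface private immutable i_primary;
    AggregatorV3Interface private immutable i_backup; // assumed: same pair and decimals as primary

    constructor(address primary, address backup) {
        i_primary = AggregatorV3Interface(primary);
        i_backup = AggregatorV3Interface(backup);
    }

    /// Returns a fresh price, preferring the primary feed and using the backup
    /// only when the primary reverts, reports a non-positive answer, or is stale.
    function getPrice() external view returns (uint256 price, bool fromBackup) {
        bool ok;
        (ok, price) = _tryFeed(i_primary);
        if (ok) return (price, false);
        (ok, price) = _tryFeed(i_backup);
        if (ok) return (price, true);
        // Both sources unusable: fail closed rather than value collateral at a bad price.
        revert FallbackPriceReader__NoFreshPrice();
    }

    function _tryFeed(AggregatorV3Interface feed) private view returns (bool ok, uint256 price) {
        // try/catch turns a reverting feed into a soft failure instead of a protocol-wide revert.
        try feed.latestRoundData() returns (uint80, int256 answer, uint256, uint256 updatedAt, uint80) {
            if (answer <= 0 || updatedAt == 0 || updatedAt > block.timestamp) return (false, 0);
            if (block.timestamp - updatedAt > TIMEOUT) return (false, 0);
            return (true, uint256(answer));
        } catch {
            return (false, 0);
        }
    }
}
```

The fromBackup flag lets the caller restrict what is allowed on a backup price, for example permitting collateral withdrawal that keeps the position healthy while pausing new mints.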