15,000 USDC
Submission Details
Severity: medium
Valid

Insufficient Safeguards Against Bad Oracle Price Feed

Summary

While we have found Chainlink price feeds to be consistently reliable, it's crucial to acknowledge that no system is impervious to potential anomalies or errors. Consequently, in the rare instance where things don't go as planned, it's paramount to have robust safety checks and mitigation strategies in place to minimize any potential harm.

Vulnerability Details

The existing system lacks protective measures against anomalous activity from the Chainlink price feed. This price feed serves as the sole reference for determining the collateral value in the current contract. Even though the likelihood of irregularities occurring may be low, the potential risk could still be substantial if such an event were to transpire. It is therefore crucial to address this vulnerability.

In DSCEngine.sol

function getUsdValue(address token, uint256 amount) public view returns (uint256) {
    AggregatorV3Interface priceFeed = AggregatorV3Interface(s_priceFeeds[token]);
    (, int256 price,,,) = priceFeed.staleCheckLatestRoundData();
    // 1 ETH = $1000
    // The returned value from CL will be 1000 * 1e8
    return ((uint256(price) * ADDITIONAL_FEED_PRECISION) * amount) / PRECISION;
}

getUsdValue(): This function relies on the Chainlink price feed to fetch the current price of the specified token. It multiplies this price by the amount of tokens inputted to calculate the total value in USD.

function getTokenAmountFromUsd(address token, uint256 usdAmountInWei) public view returns (uint256) {
    // price of ETH (token)
    // $/ETH ETH ??
    // $2000 / ETH. $1000 = 0.5 ETH
    AggregatorV3Interface priceFeed = AggregatorV3Interface(s_priceFeeds[token]);
    (, int256 price,,,) = priceFeed.staleCheckLatestRoundData();
    // ($10e18 * 1e18) / ($2000e8 * 1e10)
    return (usdAmountInWei * PRECISION) / (uint256(price) * ADDITIONAL_FEED_PRECISION);
}

getTokenAmountFromUsd(): This function also utilizes the Chainlink price feed, but in this case, it retrieves the token's price to compute the equivalent amount of the token from the given USD value in Wei.

Impact

❌Depeg risk

During the minting process, an inaccurate price feed can have different effects. If the price feed returns a value lower than the actual price, users may be able to mint an inflated quantity of stablecoins, potentially destabilizing the token's peg. On the other hand, if the price feed overestimates the price, users will mint fewer stablecoins than expected, which can limit their access to the stablecoin supply.

On the redemption side, an underpriced feed can lead to users receiving a greater amount of collateral tokens than expected, potentially resulting in premature liquidations. This situation may also allow liquidators to claim a higher number of tokens than usual. Conversely, if the feed overprices the token, it would artificially inflate the token's health factor, jeopardizing the stability of its peg and potentially leading to unintended consequences for the system's stability.

Tools Used

VSCode, Foundry

Recommendations

To both minimize the risk of a token de-peg and limit the potential damage, I propose a number of preventative strategies:

  1. Adopt a Multi-Oracle Strategy: Engaging multiple oracles can provide a safeguard against inaccurate price data. It's recommended to have a backup oracle ready should the primary source encounter issues. Moreover, an established system that computes the median or mode of the gathered values could be instrumental in circumventing anomalous data.
  2. Fail-Safe Price Mechanism: Implement a fail-safe price mechanism that automatically switches to a predefined default price source in case the primary oracle(s) fail to provide data within a certain time frame or if they return unreasonable values (e.g., out-of-range prices). The fail-safe mechanism could be based on time-based checks, block numbers, or other metrics.
  3. Emergency Shutdown or Circuit Breakers: Establish mechanisms for trusted administrators to manually adjust the price in the face of severe price feed failures. However, due to the potential centralization risks, this authority should be exercised judiciously and under clear governance rules.
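
A sketch of recommendations 1 and 2 combined, added here as an illustration; it is not code from the submission or from DSCEngine. The contract name `GuardedPriceReader`, the inline `IAggregatorV3` interface, the `MAX_AGE` and `MAX_DEVIATION_BPS` values, and the price bounds are all assumptions that would have to be chosen per asset and per feed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

// Minimal subset of Chainlink's AggregatorV3Interface, declared inline so the example is self-contained.
interface IAggregatorV3 {
    function latestRoundData() external view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

// Hypothetical helper (not part of DSCEngine): validates a primary feed and falls back to a backup feed.
contract GuardedPriceReader {
    error GuardedPriceReader__NoUsablePrice();
    // Assumed parameters; real values depend on the asset and the feed heartbeat.
    uint256 public constant MAX_AGE = 3 hours;
    uint256 public constant MAX_DEVIATION_BPS = 500; // 5% allowed gap between the two feeds
    IAggregatorV3 public immutable primary;
    IAggregatorV3 public immutable backup;
    int256 public immutable minPrice; // sanity bounds, in feed decimals (1e8 for USD feeds)
    int256 public immutable maxPrice;

    constructor(IAggregatorV3 _primary, IAggregatorV3 _backup, int256 _minPrice, int256 _maxPrice) {
        require(_minPrice > 0 && _maxPrice > _minPrice, "bad bounds");
        primary = _primary; backup = _backup; minPrice = _minPrice; maxPrice = _maxPrice;
    }

    // Returns (ok, price). A reverting feed, a stale round or an out-of-range answer all yield ok = false.
    function _read(IAggregatorV3 feed) internal view returns (bool ok, uint256 price) {
        try feed.latestRoundData() returns (uint80, int256 answer, uint256, uint256 updatedAt, uint80) {
            if (updatedAt == 0 || updatedAt > block.timestamp) return (false, 0);
            if (block.timestamp - updatedAt > MAX_AGE) return (false, 0);
            if (answer < minPrice || answer > maxPrice) return (false, 0); // minPrice > 0 also rejects zero/negative
            return (true, uint256(answer));
        } catch {
            return (false, 0);
        }
    }

    function getPrice() public view returns (uint256) {
        (bool okP, uint256 p) = _read(primary);
        (bool okB, uint256 b) = _read(backup);
        if (okP && okB) {
            uint256 diff = p > b ? p - b : b - p;
            // Both feeds look healthy but disagree: refuse to price rather than pick one.
            if (diff * 10_000 > p * MAX_DEVIATION_BPS) revert GuardedPriceReader__NoUsablePrice();
            return p;
        }
        if (okP || okB) return okP ? p : b;
        revert GuardedPriceReader__NoUsablePrice(); // acts as a circuit breaker for callers
    }
}
```

With a reader like this, `getUsdValue()` and `getTokenAmountFromUsd()` would call `getPrice()` instead of casting the raw feed answer, so minting, redemption and liquidation revert while no trustworthy price is available.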
