While we have found Chainlink price feeds to be consistently reliable, it's crucial to acknowledge that no system is impervious to potential anomalies or errors. Consequently, in the rare instance where things don't go as planned, it's paramount to have robust safety checks and mitigation strategies in place to minimize any potential harm.
The existing system lacks protective measures against anomalous activity from the Chainlink price feed. This price feed serves as the sole reference for determining the collateral value in the current contract. Even though the likelihood of irregularities occurring may be low, the potential risk could still be substantial if such an event were to transpire. It is therefore crucial to address this vulnerability.
getUsdValue(): This function relies on the Chainlink price feed to fetch the current price of the specified token. It multiplies this price by the amount of tokens inputted to calculate the total value in USD.
getTokenAmountFromUsd(): This function also utilizes the Chainlink price feed, but in this case, it retrieves the token's price to compute the equivalent amount of the token from the given USD value in Wei.
During the minting process, an inaccurate price feed can have different effects. If the price feed returns a value lower than the actual price, users may be able to mint an inflated quantity of stablecoins, potentially destabilizing the token's peg. On the other hand, if the price feed overestimates the price, users will mint fewer stablecoins than expected, which can limit their access to the stablecoin supply.
On the redemption side, an underpriced feed can lead to users receiving a greater amount of collateral tokens than expected, potentially resulting in premature liquidations. This situation may also allow liquidators to claim a higher number of tokens than usual. Conversely, if the feed overprices the token, it would artificially inflate the token's health factor, jeopardizing the stability of its peg and potentially leading to unintended consequences for the system's stability.
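One way to guard the price read that both functions depend on, shown as an added example; it is neither the audited contract's code nor the mitigation list proposed in this finding. The library name, error names, the 3-hour staleness window and the per-collateral price band are assumptions; only `latestRoundData()` is Chainlink's real interface.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Minimal subset of Chainlink's AggregatorV3Interface, inlined so the example is self-contained.
interface AggregatorV3Interface {
    function latestRoundData()
        external
        view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

/// Hypothetical helper: names, timeout and bounds are assumptions, not taken from the audited code.
library GuardedPriceFeed {
    error GuardedPriceFeed__NonPositivePrice(int256 answer);
    error GuardedPriceFeed__StalePrice(uint256 updatedAt);
    error GuardedPriceFeed__PriceOutOfBounds(int256 answer);

    // Assumed value; it should be longer than the feed's heartbeat.
    uint256 internal constant MAX_AGE = 3 hours;

    /// Reverts instead of returning a price the protocol should not act on.
    function checkedPrice(AggregatorV3Interface feed, int256 minPrice, int256 maxPrice)
        internal
        view
        returns (uint256)
    {
        (, int256 answer,, uint256 updatedAt,) = feed.latestRoundData();

        // A zero or negative answer would corrupt the USD value calculation after the uint256 cast.
        if (answer <= 0) revert GuardedPriceFeed__NonPositivePrice(answer);

        // updatedAt == 0 means the round is incomplete; an old timestamp means the feed stopped updating.
        if (updatedAt == 0 || block.timestamp - updatedAt > MAX_AGE) {
            revert GuardedPriceFeed__StalePrice(updatedAt);
        }

        // Sanity band per collateral token (assumed parameters set by the deployer).
        if (answer < minPrice || answer > maxPrice) revert GuardedPriceFeed__PriceOutOfBounds(answer);

        return uint256(answer);
    }
}
```

With a wrapper like this, minting, redemption and liquidation revert on an anomalous reading rather than pricing collateral from it; the band must be wide enough that legitimate volatility does not freeze the protocol.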
VSCode, Foundry
To both minimize the risk of a token de-peg and limit the potential damage, I propose a number of preventative strategies: