15,000 USDC
Submission Details
Severity: medium
Valid

Oracle price reads for different collateral types should tolerate a revert from any single feed

Summary

The protocol does not isolate its collateral types from one another: an error while reading the price of any single collateral makes the protocol unable to compute a user's collateral value, so minting, borrowing and liquidation all become impossible.

Vulnerability Details

The relevant code, with the points that can revert marked:

```solidity
function staleCheckLatestRoundData(AggregatorV3Interface priceFeed)
    public
    view
    returns (uint80, int256, uint256, uint256, uint80)
{
    // @audit revert here
    (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound) =
        priceFeed.latestRoundData();
    uint256 secondsSince = block.timestamp - updatedAt;
    // @audit revert here
    if (secondsSince > TIMEOUT) revert OracleLib__StalePrice();
    return (roundId, answer, startedAt, updatedAt, answeredInRound);
}

function getTokenAmountFromUsd(address token, uint256 usdAmountInWei) public view returns (uint256) {
    // price of ETH (token)
    // $/ETH ETH ??
    // $2000 / ETH. $1000 = 0.5 ETH
    AggregatorV3Interface priceFeed = AggregatorV3Interface(s_priceFeeds[token]);
    (, int256 price,,,) = priceFeed.staleCheckLatestRoundData();
    // ($10e18 * 1e18) / ($2000e8 * 1e10)
    // @audit revert here
    return (usdAmountInWei * PRECISION) / (uint256(price) * ADDITIONAL_FEED_PRECISION);
}
```

There are three possible failure modes:

  1. The `latestRoundData` call itself reverts.

  2. The feed's heartbeat is exceeded, i.e. more than 3 hours have passed since `updatedAt`, so the staleness check reverts.

  3. The oracle returns a price of 0, which can happen if the current round is not yet fully updated; the division in `getTokenAmountFromUsd` then reverts.

Impact

A single failed oracle price read shuts down the entire protocol. During large price swings this causes loss of funds for users, since positions can neither be adjusted nor liquidated while the protocol is unusable.

Tools Used

Manual review

Recommendations

  1. If the oracle price is zero, revert explicitly.

  2. Wrap the `priceFeed.staleCheckLatestRoundData` call in a try/catch so that one failing feed does not bring down the whole protocol.
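The following is an added example, not the project's own `OracleLib` or `DSCEngine` code, showing one way to apply both recommendations. Solidity's `try`/`catch` only accepts external calls, so the wrapper is placed around `priceFeed.latestRoundData()` rather than around the library function. The library and contract names, the `tryGetPrice` helper and the `CollateralPriceUnavailable` error are hypothetical; the `TIMEOUT`, `PRECISION` and `ADDITIONAL_FEED_PRECISION` constants mirror the values implied by the snippet above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

// Minimal Chainlink-style feed interface, the same shape the snippet above calls.
interface AggregatorV3Interface {
    function latestRoundData()
        external
        view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

/// @notice Hypothetical hardened oracle helper (added example, not the project's OracleLib).
/// It never reverts itself: a reverting feed, a zero or negative answer and a stale round
/// all come back as ok == false, so the caller decides per collateral what to do.
library SafeOracleLib {
    uint256 private constant TIMEOUT = 3 hours; // same staleness window as the finding describes

    function tryGetPrice(AggregatorV3Interface priceFeed) internal view returns (bool ok, uint256 price) {
        // Failure mode 1: the external call itself reverts (deprecated or paused aggregator, ...).
        try priceFeed.latestRoundData() returns (uint80, int256 answer, uint256, uint256 updatedAt, uint80) {
            // Failure mode 3: an incomplete round can report 0; a negative answer is equally unusable.
            if (answer <= 0) return (false, 0);
            // Failure mode 2: heartbeat exceeded. Also guard the subtraction against a future timestamp.
            if (updatedAt > block.timestamp || block.timestamp - updatedAt > TIMEOUT) return (false, 0);
            return (true, uint256(answer));
        } catch {
            return (false, 0);
        }
    }
}

/// @notice Sketch of a collateral valuation loop with the failure isolated per collateral (hypothetical).
contract IsolatedCollateralValuation {
    using SafeOracleLib for AggregatorV3Interface;

    uint256 private constant ADDITIONAL_FEED_PRECISION = 1e10; // 8-decimal feed answer -> 18 decimals
    uint256 private constant PRECISION = 1e18;

    // Names the feed that failed instead of surfacing a bare revert from the aggregator.
    error CollateralPriceUnavailable(address token);

    address[] private s_collateralTokens;
    mapping(address token => address priceFeed) private s_priceFeeds;
    mapping(address user => mapping(address token => uint256 amount)) private s_collateralDeposited;

    constructor(address[] memory tokens, address[] memory feeds) {
        require(tokens.length == feeds.length, "length mismatch");
        for (uint256 i = 0; i < tokens.length; i++) {
            s_priceFeeds[tokens[i]] = feeds[i];
            s_collateralTokens.push(tokens[i]);
        }
    }

    /// @dev USD value (18 decimals) of every collateral the user holds.
    /// A broken feed only blocks users who actually hold that collateral; everyone else
    /// can still mint, borrow and be liquidated, which is the isolation the finding asks for.
    function getAccountCollateralValue(address user) public view returns (uint256 totalUsd) {
        for (uint256 i = 0; i < s_collateralTokens.length; i++) {
            address token = s_collateralTokens[i];
            uint256 amount = s_collateralDeposited[user][token];
            if (amount == 0) continue; // nothing at stake in this collateral, so its feed is never queried

            (bool ok, uint256 price) = AggregatorV3Interface(s_priceFeeds[token]).tryGetPrice();
            // Fail closed for this collateral only: pricing it at zero would make healthy
            // positions look undercollateralised and expose them to liquidation.
            if (!ok) revert CollateralPriceUnavailable(token);

            totalUsd += (price * ADDITIONAL_FEED_PRECISION * amount) / PRECISION;
        }
    }
}
```

The design choice worth noting is what to do once the feed is known to be broken: silently valuing that collateral at zero would let healthy accounts be liquidated, so the example reverts with a named error, but only for accounts that hold the affected token. A per-collateral pause flag or a governance-set fallback price could be layered on top of the same `ok == false` signal.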
