OracleLib will return the wrong price for asset if underlying aggregator hits minAnswer
Summary
OracleLib will return the wrong price for asset if underlying aggregator hits minAnswer
Vulnerability Details
Chainlink aggregators have a built in circuit breaker if the price of an asset goes outside of a predetermined price band. The result is that if an asset experiences a huge drop in value (i.e. LUNA crash) the price of the oracle will continue to return the minPrice instead of the actual price of the asset. This would allow user to continue borrowing with the asset but at the wrong price. This is exactly what happened to Venus on BSC when LUNA imploded: https://rekt.news/venus-blizz-rekt/.
latestRoundData pulls the associated aggregator and requests round data from it. ChainlinkAggregators have minPrice and maxPrice circuit breakers built into them. This means that if the price of the asset drops below the minPrice, the protocol will continue to value the token at minPrice instead of it's actual value.
Impact
This will allow users to take out huge amounts of bad debt and bankrupt the protocol.
Tools Used
Manual review
Recommendations
ChainlinkOracle should check the returned answer against the minPrice/maxPrice and revert if the answer is outside of bounds:
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.