Summary

OracleLib will return the wrong price for asset if underlying aggregator hits minAnswer

Vulnerability Details

Chainlink aggregators have a built in circuit breaker if the price of an asset goes outside of a predetermined price band. The result is that if an asset experiences a huge drop in value (i.e. LUNA crash) the price of the oracle will continue to return the minPrice instead of the actual price of the asset. This would allow user to continue borrowing with the asset but at the wrong price. This is exactly what happened to Venus on BSC when LUNA imploded: https://rekt.news/venus-blizz-rekt/.

latestRoundData pulls the associated aggregator and requests round data from it. ChainlinkAggregators have minPrice and maxPrice circuit breakers built into them. This means that if the price of the asset drops below the minPrice, the protocol will continue to value the token at minPrice instead of it's actual value.

Impact

This will allow users to take out huge amounts of bad debt and bankrupt the protocol.

Tools Used

Manual review

Recommendations

ChainlinkOracle should check the returned answer against the minPrice/maxPrice and revert if the answer is outside of bounds: