15,000 USDC
View results
Submission Details
Severity: medium
Valid

OracleLib `staleCheckLatestRoundData` will return the wrong price for asset if underlying aggregator hits minAnswer

Summary

Chainlink aggregators have a built in circuit breaker if the price of an asset goes outside of a predetermined price band. The result is that if an asset experiences a huge drop in value (i.e. LUNA crash) the price of the oracle will continue to return the minPrice instead of the actual price of the asset. This would allow user to continue borrowing with the asset but at the wrong price. This is exactly what happened to Venus on BSC when LUNA imploded.

Vulnerability Details

Example:
TokenA has a minPrice of $1. The price of TokenA drops to $0.10. The aggregator still returns $1 allowing the user to borrow against TokenA as if it is $1 which is 10x it's actual value.

Impact

In the event that an asset crashes the protocol can be manipulated to give out loans at an inflated price

Tools Used

Manual Review

Recommendations

if (answer >= maxPrice or answer <= minPrice) revert();

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.