15,000 USDC
View results
Submission Details
Severity: medium
Valid

The `latestRoundData` function is insufficiently validated.

Summary

Insufficient or incomplete oracle data feed validation can lead to incorrect results.

Vulnerability Details

As per the comments on the given codebase:
`If a price is stale, the function will revert, and render the DSCEngine unusable - this is by design.

  • We want the DSCEngine to freeze if prices become stale.`

However, there is insufficient checks to see if the return value indicates stale data.

Impact

The staleCheckLatestRoundData function could return stale price data for the underlying asset.

Tools Used

Manual Review

Recommendations

There are only checks for price oracle stale threshold.

uint256 secondsSince = block.timestamp - updatedAt;
if (secondsSince > TIMEOUT) revert OracleLib__StalePrice();

Consider adding the other parts of the sanity validation as well.

require(answeredInRound >= roundId, "Price stale");
require(answer > 0, "ChainLink price <= 0");

An even accurate way to do the price or answer value validation, would be to check against their minimum and maximum price. The latestRoundData pulls the associated ChainLink aggregator and requests round data from it. ChainlinkAggregators have minPrice and maxPrice circuit breakers built into them. This means that if the price of the asset drops below the minPrice, the protocol will continue to value the token at minPrice instead of it's actual value. This will allow users to take out huge amounts of bad debt and bankrupt the protocol.

if (answer >= maxPrice or answer <= minPrice) revert();

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.