Summary

Protocol relies on single Oracle Chainlink

Vulnerability Details

Although Chainlink is one of the reliable decentralized Oracles, it is still possible to get an outage. Chainlink during the LUNA market crash led to Venus Protocol attack as Chainlink was not able to provide up to date prices. This is a result of Chainlink circuit breakers triggered in extreme market conditions. There could also be other issues in the Chainlink that can impact price feeds

Impact

Medium: Chainlink has been very reliable mainly. However such as outage can lead to problems with valuation, stabilization, and liquidation in the protocol which makes the protocol not work as expected.

Tools Used

Manual Analysis

Recommendations

Implement offchain monitoring e.g collateral assets reaching minAnswer, maxAnswer values that trigger Chainlink circuit breakers. Have emergency patterns in the contracts to pause functionality if above values being reached or any other monitored triggers or challenges from Chainlink indicate potential problems. Other solution may increase complexity and computation and costs but to also have price feeds input from additional Oracle to have multiple sources in case one has problems e.g Chainlink fails stale check then use Oracle B price if passes check