15,000 USDC
View results
Submission Details
Severity: medium
Valid

Oracle can become single point of failure

Summary

Now the oracle is merely depending on Chainlink price feed. There is a risk of single point of failure.

Vulnerability Details

In a stable coin protocol, the liquidation/redeeming/minting processes are the most important process to keep the stable coin pegged and work as expected. And the processes depend a lot on the Oracle system. Now Chainlink is the only Oracle which is implemented in the protocol.
When Chainlink fails for any reason, the protocol will fail with it.

Impact

If the Oracle stops working, then the stable coin protocol will fail.
To be more Concrete,
Firstly, market will panic and everyone will sell their DSC. As a result, DSC(stable coin) will de-peg and DSC's holder will suffer from the loss of funds if they sell DSC too.
Secondly, in the worst case scenario, because DSC is supposed to be decentralized and there is no administrator role or emergency-withdraw function to get the funds out of the system. If the Oracle is dead forever, then the funds will be locked forever.

Tools Used

Manual review

Recommendations

Use a combined double oracle price mechanism to represent the market price so that it will mitigate the issue of current Oracle's single point of failure problem.

For instance, the solution below is quite reasonable in my opinion.

  • Use at least 2 price oracles, e.g. chainlink price feed and Uniswap v3 TWAP.

  • If Chainlink's price value differs from that of Uniswap, the protocol can choose the value which is most at its advantage.

For your reference, this is done by the Angle protocol,

In this way, the protocol can stay decentralized and at the same time, become more robust.

Thank you!

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.