Oracle can become single point of failure
Summary
Now the oracle is merely depending on Chainlink price feed. There is a risk of single point of failure.
Vulnerability Details
In a stable coin protocol, the liquidation/redeeming/minting processes are the most important process to keep the stable coin pegged and work as expected. And the processes depend a lot on the Oracle system. Now Chainlink is the only Oracle which is implemented in the protocol.
When Chainlink fails for any reason, the protocol will fail with it.
Impact
If the Oracle stops working, then the stable coin protocol will fail.
To be more Concrete,
Firstly, market will panic and everyone will sell their DSC. As a result, DSC(stable coin) will de-peg and DSC's holder will suffer from the loss of funds if they sell DSC too.
Secondly, in the worst case scenario, because DSC is supposed to be decentralized and there is no administrator role or emergency-withdraw function to get the funds out of the system. If the Oracle is dead forever, then the funds will be locked forever.
Tools Used
Manual review
Recommendations
Use a combined double oracle price mechanism to represent the market price so that it will mitigate the issue of current Oracle's single point of failure problem.
For instance, the solution below is quite reasonable in my opinion.
Use at least 2 price oracles, e.g. chainlink price feed and Uniswap v3 TWAP.
If Chainlink's price value differs from that of Uniswap, the protocol can choose the value which is most at its advantage.
For your reference, this is done by the Angle protocol,
In this way, the protocol can stay decentralized and at the same time, become more robust.
Thank you!
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.