Lack of sanity check on price answer
Lack of sanity check on roundId
Lack of sanity check on updatedAt
The values returned by (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound) =
priceFeed.latestRoundData(); at OracleLib.sol line 26 are not sanity checked, which endangers the protocol.
Medium::: If answer is a negative value, it is consumed as-is inside DSCEngine.sol line 347:
return (usdAmountInWei * PRECISION) / (uint256(price) * ADDITIONAL_FEED_PRECISION);
There it is unsafely cast to a uint256, which turns it into a very large number and misrepresents the health factor as higher than normal. Therefore accounts that should normally be liquidatable are not liquidated.
Medium::: If updatedAt = 0, the function will always revert on the grounds that the price is stale.
Medium::: If roundId is not checked, we may be dealing with stale data, which can result in e.g. higher than normal prices. Accounts that should normally be liquidatable are then not liquidated, because they have a falsely high health factor.
Manual Analysis
Inside the OracleLib.sol function, add the following checks:
if (answer < 0) revert ...;
if (roundId == 0) revert ...;
if (updatedAt == 0) revert ...;
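The three checks above placed in a full function, as an added example that is not the project's own code. The library, contract, function and error names are hypothetical, and the values of PRECISION and ADDITIONAL_FEED_PRECISION are assumptions. The answer is converted to uint256 only after the sign check, so the consumer needs no cast of its own.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4; // custom errors require 0.8.4 or later

// Chainlink aggregator interface, reduced to the one call the finding discusses.
interface AggregatorV3Interface {
    function latestRoundData()
        external
        view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

// Hypothetical library, not the project's OracleLib.
library CheckedFeed {
    // Hypothetical error names: the finding leaves the revert arguments elided.
    error CheckedFeed__NegativeAnswer(int256 answer);
    error CheckedFeed__ZeroRoundId();
    error CheckedFeed__ZeroUpdatedAt();

    // Reads the latest round, applies the three checks, and only then converts
    // the answer to uint256, so callers never cast an unchecked int256.
    function checkedPrice(AggregatorV3Interface priceFeed)
        internal
        view
        returns (uint256 price, uint80 roundId, uint256 updatedAt)
    {
        int256 answer;
        (roundId, answer,, updatedAt,) = priceFeed.latestRoundData();

        if (answer < 0) revert CheckedFeed__NegativeAnswer(answer);
        if (roundId == 0) revert CheckedFeed__ZeroRoundId();
        if (updatedAt == 0) revert CheckedFeed__ZeroUpdatedAt();

        price = uint256(answer); // safe: answer >= 0 was enforced above
    }
}

// Hypothetical consumer reusing the formula quoted from DSCEngine.sol.
contract CheckedConsumer {
    uint256 private constant PRECISION = 1e18; // assumed value
    uint256 private constant ADDITIONAL_FEED_PRECISION = 1e10; // assumed value

    function tokenAmountFromUsd(AggregatorV3Interface priceFeed, uint256 usdAmountInWei)
        external
        view
        returns (uint256)
    {
        (uint256 price,,) = CheckedFeed.checkedPrice(priceFeed);
        return (usdAmountInWei * PRECISION) / (price * ADDITIONAL_FEED_PRECISION);
    }
}
```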