Summary

As discussed with the team (Patric) this project can utilize any ERC20 that has a feed with ChainLink. However OracleLib is set up in a way to discard every update that is 3h or older, and this may cause some issues with some coins.

Vulnerability Details

As of the time of writing, the heartbeat of the BNB token on the ChainLink feed is approximately 9 hours. Given that OracleLib only allows for 3 hours of freshness, this feed may not be suitable for seamless integration and could lead to potential issues.

For instance, when a user deposits wBNB and the oracle has responded within the last 3 hours, the DSCEngine accepts the deposit and mints the user some coins. However, if the same user attempts to withdraw again, they will be unable to do so until the oracle responds again, and they have approximately 3 hours to withdraw their funds back. If their transaction remains in the mempool for more than 3 hours due to network congestion, the transaction will revert, requiring the user to wait for the next feed update. the mem pool for more than 3h (due to congestion) his TX will revert and he would need to wait for the other feed update.

Impact

DoS and worsen user experience.

Tools Used

Recommendations

Make 2-3 different variations of freshness. To ensure it will work with most of the coins.