Summary

The contract utilizes BTC/USD and ETH/USD Chainlink oracles to price WBTC and WETH. If WBTC or WETH becomes unpegged (deviates from its corresponding oracle price), issues may arise.

Vulnerability Details

The chainlink BTC/USD and ETH/USD oracle is used to price WBTC and WETH. WBTC and WETH is basically a bridged asset and if the bridge is compromised/fails then WBTC will depeg and will no longer be equivalent to BTC and ETH. If such a situation occurs, it may lead to serious issues, potentially affecting stablecoins.This is a reference link:https://github.com/sherlock-audit/2023-02-blueberry-judging/issues/9

Impact

It may result in instability in stablecoin prices and damage to the contract.

Tools Used

vscode

Recommendations

I would recommend using a double oracle setup. Use both the Chainlink and another on-chain liquidity base oracle (i.e. UniV3 TWAP). This is a reference link:https://github.com/sherlock-audit/2023-02-blueberry-judging/issues/9