No check if the `min price`/`max price` is hit when calling the chainlink oracle
Summary
If the min price/max price valid liquidations will not be possible and users will be able to mint more DSC than they should be able to
Vulnerability Details
Chainlink aggregators have a built in circuit breaker if the price of an asset goes outside of a predetermined price band. The result is that if an asset experiences a huge drop in value (i.e. LUNA crash) the price of the oracle will continue to return the minPrice instead of the actual price of the asset. This would allow user to continue minting against the asset but at the wrong price and would prevent valid liquidations.
Impact
In the event that an asset crashes (i.e. LUNA), valid liquidations will be prevented and users will be able to mint against the asset using an inflated price
Tools Used
Manual review
Recommendations
ChainlinkAdapterOracle should check the returned answer against the minPrice/maxPrice and revert if the answer is outside of the bounds. The minPrice/maxPrice can be saved in a struct with the priceFeed of the token an passed as an argument when calling staleCheckLatestRoundData
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.