Submission Details
Severity: medium

OracleLib does not handle min / max price for tokens

Summary

OracleLib does not handle the minimum and maximum prices configured for the different oracles. There is a non-zero probability that the oracle will report one of its price limits instead of the real-world price. If this is not handled properly, the worst case is the accumulation of a large amount of bad debt for users of DSC.

Vulnerability Detail

When a Chainlink oracle is set up, it is configured with a minimum and maximum price. If the real-world price of the asset falls outside these bounds, the configured minimum or maximum price is reported instead of the actual price. This is the same vulnerability that left Venus Protocol with 11m of bad debt when Luna crashed: the oracle kept reporting a price 10x higher than the real market price.

Impact

If the oracle reports a higher price than the real price of a collateral, a user is able to mint more DSC than should be allowed, leaving the protocol with a large amount of bad debt.

Tool used

Manual Review

Recommendation

When specifying which collaterals are allowed at deployment of the DSCEngine, specify their minimum and maximum prices as well, and automatically disable the use of a collateral whenever the oracle price comes within a certain threshold of its min / max price.

Alternatively, consider using a fallback oracle when the price boundaries are hit.
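One way to implement the first recommendation, as an added example that is not part of this submission or of the DSC codebase: a variant of the OracleLib stale-check that also reads the underlying aggregator's `minAnswer()` / `maxAnswer()` and reverts when the reported answer sits on either bound, so the DSCEngine treats a clamped price as "oracle unusable" rather than as a valid price. The function name `staleCheckLatestRoundData`, the 3-hour `TIMEOUT`, and the inline interfaces are assumptions; `aggregator()` on the proxy and `minAnswer()` / `maxAnswer()` on the aggregator are real Chainlink functions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

// Minimal interfaces matching the Chainlink functions used below (declared inline
// so the example compiles stand-alone; production code would import Chainlink's).
interface AggregatorV3Interface {
    function latestRoundData()
        external view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

interface IAggregatorProxy {
    function aggregator() external view returns (address); // proxy -> underlying aggregator
}

interface IAggregatorWithBounds {
    function minAnswer() external view returns (int192);
    function maxAnswer() external view returns (int192);
}

library OracleLibWithBounds {
    error OracleLib__StalePrice();
    error OracleLib__PriceAtBoundary(int256 answer, int192 minAnswer, int192 maxAnswer);

    uint256 private constant TIMEOUT = 3 hours; // assumed staleness window

    function staleCheckLatestRoundData(AggregatorV3Interface priceFeed)
        internal view
        returns (uint80, int256, uint256, uint256, uint80)
    {
        (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound) =
            priceFeed.latestRoundData();

        // Existing-style staleness guard: refuse prices older than TIMEOUT.
        if (block.timestamp - updatedAt > TIMEOUT) revert OracleLib__StalePrice();

        // Circuit-breaker guard: the aggregator clamps answers to [minAnswer, maxAnswer],
        // so an answer equal to either bound is a limit being reported, not a market price.
        address underlying = IAggregatorProxy(address(priceFeed)).aggregator();
        int192 minAnswer = IAggregatorWithBounds(underlying).minAnswer();
        int192 maxAnswer = IAggregatorWithBounds(underlying).maxAnswer();
        if (answer <= int256(minAnswer) || answer >= int256(maxAnswer)) {
            revert OracleLib__PriceAtBoundary(answer, minAnswer, maxAnswer);
        }

        return (roundId, answer, startedAt, updatedAt, answeredInRound);
    }
}
```

A revert here stops minting and liquidations against that collateral while the feed is clamped, which is the "disable the collateral" behaviour the recommendation asks for; the threshold variant would compare against a margin above `minAnswer` and below `maxAnswer` instead of the exact bounds.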
