The OracleLib
calls out to a chainlink aggregator receiving the latestRoundData()
. It then checks freshness by verifying that it is not more than 3 hours old (TIMEOUT
). This check is insufficient.
If there is a problem with chainlink starting a new round and finding consensus on the new value for the oracle (e.g. chainlink nodes abandon the oracle, chain congestion, vulnerability/attacks on the chainlink system) consumers of this contract may continue using outdated stale data (if oracles are unable to submit no new round is started).
Reference: https://consensys.io/diligence/audits/2021/09/fei-protocol-v2-phase-1/#chainlinkoraclewrapper---latestrounddata-might-return-stale-results
By design, if a price is stale, the function ought to revert, and render the DSCEngine unusable (https://github.com/Cyfrin/2023-07-foundry-defi-stablecoin/blob/main/src/libraries/OracleLib.sol#L11).
This is not achieved in completeness and hence putting the protocol & funds at risk.
Manual verification.
Recommend adding the following checks:
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.