Summary

The OracleLib calls out to a chainlink aggregator receiving the latestRoundData(). It then checks freshness by verifying that it is not more than 3 hours old (TIMEOUT). This check is insufficient.

Vulnerability Details

If there is a problem with chainlink starting a new round and finding consensus on the new value for the oracle (e.g. chainlink nodes abandon the oracle, chain congestion, vulnerability/attacks on the chainlink system) consumers of this contract may continue using outdated stale data (if oracles are unable to submit no new round is started).
Reference: https://consensys.io/diligence/audits/2021/09/fei-protocol-v2-phase-1/#chainlinkoraclewrapper---latestrounddata-might-return-stale-results

Impact

By design, if a price is stale, the function ought to revert, and render the DSCEngine unusable (https://github.com/Cyfrin/2023-07-foundry-defi-stablecoin/blob/main/src/libraries/OracleLib.sol#L11).
This is not achieved in completeness and hence putting the protocol & funds at risk.

Tools Used

Manual verification.

Recommendations

Recommend adding the following checks: