Submission Details
Severity: medium
Valid

The presence of a circuit breaker in the oracle aggregator may result in protocol losses

Summary

Chainlink aggregators have a built-in circuit breaker: when the real market price falls below the aggregator's minAnswer, the feed returns minAnswer instead of the real price. The protocol trusts that answer as-is, so collateral is overvalued.

Vulnerability Details

function getAccountCollateralValue(address user) public view returns (uint256 totalCollateralValueInUsd) {
    // loop through each collateral token, get the amount they have deposited, and map it to
    // the price, to get the USD value
    for (uint256 i = 0; i < s_collateralTokens.length; i++) {
        address token = s_collateralTokens[i];
        uint256 amount = s_collateralDeposited[user][token];
        totalCollateralValueInUsd += getUsdValue(token, amount);
    }
    return totalCollateralValueInUsd;
}

function getUsdValue(address token, uint256 amount) public view returns (uint256) {
    AggregatorV3Interface priceFeed = AggregatorV3Interface(s_priceFeeds[token]);
    // staleCheckLatestRoundData only rejects stale rounds; the answer itself is used as-is,
    // so a price clamped to the aggregator's minAnswer passes through unchecked
    (, int256 price,,,) = priceFeed.staleCheckLatestRoundData();
    // 1 ETH = $1000
    // The returned value from CL will be 1000 * 1e8
    return ((uint256(price) * ADDITIONAL_FEED_PRECISION) * amount) / 10 ** uint256(CERC20(token).decimals());
}

The protocol reads a single Chainlink feed to value a user's collateral. When the collateral's market price drops sharply, below the aggregator's minAnswer, the aggregator's circuit breaker returns minAnswer rather than the real price, so the protocol overvalues that collateral.
A user can then buy large amounts of this now near-worthless collateral on the market, deposit it, mint a large amount of DSC against the inflated valuation, and sell the DSC. Other users can only redeem DSC against the remaining high-quality collateral, and those who redeem too late are left to absorb the loss.

Impact

When the collateral price drops sharply, malicious users can exploit the aggregator's circuit breaker to mint a large amount of DSC against overvalued collateral and sell it for arbitrage, leaving the protocol and its remaining users with bad debt.

Tools Used

Manual review

Recommendations

Use a second oracle, or a Uniswap price, as a cross-check so that a large discrepancy between the Chainlink answer and the market price is detected before collateral is valued.
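As an added example, not code from this submission or from the DSC protocol, the following Python model covers both the mechanism described under Vulnerability Details and the guard suggested above. It models an aggregator whose answer is clamped to [minAnswer, maxAnswer], mirrors the unguarded arithmetic of getUsdValue, and places beside it a guarded variant that refuses an answer sitting on a bound. The feed bounds, the crashed price, the deposit size and the 50% liquidation threshold are constructed for illustration; the function names are this example's own.

```python
# Added example, not code from the submission or the DSC protocol. It models a
# Chainlink-style aggregator whose answer is clamped to [minAnswer, maxAnswer]
# (the circuit breaker described in the finding) and compares the unguarded
# valuation pattern of getUsdValue with a guarded one that refuses an answer
# sitting on a bound. Feed parameters, prices and the 50% liquidation threshold
# are constructed for illustration and are not taken from the page.
from dataclasses import dataclass

FEED_DECIMALS = 8                       # Chainlink USD feeds report 8 decimals
ADDITIONAL_FEED_PRECISION = 10 ** 10    # scales a 1e8 answer to 1e18, as getUsdValue does
TOKEN_DECIMALS = 18                     # assumed collateral token decimals
LIQUIDATION_THRESHOLD = 50              # assumed: 50% => 200% overcollateralisation


class OracleAtCircuitBreaker(Exception):
    """Raised when the feed answer sits on minAnswer or maxAnswer (stands in for a revert)."""


@dataclass
class ClampedAggregator:
    """Aggregator with a built-in circuit breaker: the reported answer never leaves the bounds."""
    min_answer: int
    max_answer: int

    def latest_answer(self, market_price: int) -> int:
        # The aggregator reports the clamped value, not the real market price.
        return max(self.min_answer, min(self.max_answer, market_price))

    def is_at_bound(self, answer: int) -> bool:
        return answer <= self.min_answer or answer >= self.max_answer


def usd_value_unguarded(price: int, amount: int) -> int:
    """Mirrors getUsdValue: whatever the aggregator returns is trusted."""
    return (price * ADDITIONAL_FEED_PRECISION * amount) // 10 ** TOKEN_DECIMALS


def usd_value_guarded(agg: ClampedAggregator, answer: int, amount: int) -> int:
    """Hardened variant: refuse to price collateral when the answer is pinned to a bound."""
    if agg.is_at_bound(answer):
        raise OracleAtCircuitBreaker("answer at aggregator min/max bound; price is not trustworthy")
    return usd_value_unguarded(answer, amount)


def max_mintable_dsc(collateral_usd: int) -> int:
    """Largest debt the protocol allows against collateral_usd at LIQUIDATION_THRESHOLD."""
    return collateral_usd * LIQUIDATION_THRESHOLD // 100


def bad_debt_after_crash(market_price: int, amount: int, agg: ClampedAggregator) -> dict:
    """Compare what the protocol believes the collateral is worth against the market
    price and return the shortfall a minter could leave behind."""
    answer = agg.latest_answer(market_price)
    believed = usd_value_unguarded(answer, amount)
    real = usd_value_unguarded(market_price, amount)
    mintable = max_mintable_dsc(believed)
    return {
        "answer": answer,
        "believed_usd": believed,
        "real_usd": real,
        "mintable_dsc": mintable,
        "bad_debt": max(0, mintable - real),
    }


if __name__ == "__main__":
    feed = ClampedAggregator(min_answer=100 * 10**FEED_DECIMALS, max_answer=10_000 * 10**FEED_DECIMALS)
    crashed = 10 * 10**FEED_DECIMALS          # token trades at $10, below the constructed $100 floor
    deposit = 1_000 * 10**TOKEN_DECIMALS      # 1,000 tokens deposited as collateral
    print(bad_debt_after_crash(crashed, deposit, feed))
```

With the constructed numbers, the feed reports $100 for a token trading at $10, so 1,000 tokens are believed to be worth $100,000 while the market values them at $10,000; at the assumed threshold that permits minting 50,000 DSC against collateral worth 10,000, a 40,000 shortfall. The guarded variant rejects the clamped answer outright, which is the simplest in-contract form of the cross-check recommended above; a second price source would then decide whether the bound is real or a breaker artefact.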
