Foundry DeFi Stablecoin CodeHawks Audit Contest

Cyfrin

DeFiFoundry

15,000 USDC

View results

Previous Next

Submission Details

Severity: medium

Valid

The presence of a circuit breaker in the oracle aggregator may result in protocol losses

kutu

Summary

Chainlink aggregators have a built in circuit breaker, which will return the minAnswer price if it's below minAnswer, which will affect the protocol.

Vulnerability Details

function getAccountCollateralValue(address user) public view returns (uint256 totalCollateralValueInUsd) {

// loop through each collateral token, get the amount they have deposited, and map it to

// the price, to get the USD value

for (uint256 i = 0; i < s_collateralTokens.length; i++) {

address token = s_collateralTokens[i];

uint256 amount = s_collateralDeposited[user][token];

totalCollateralValueInUsd += getUsdValue(token, amount);

}

return totalCollateralValueInUsd;

}

function getUsdValue(address token, uint256 amount) public view returns (uint256) {

AggregatorV3Interface priceFeed = AggregatorV3Interface(s_priceFeeds[token]);

(, int256 price,,,) = priceFeed.staleCheckLatestRoundData();

// 1 ETH = $1000

// The returned value from CL will be 1000 * 1e8

return ((uint256(price) * ADDITIONAL_FEED_PRECISION) * amount) / 10 ** uint256(CERC20(token).decimals());

}

The protocol uses a single chainlink oracle to read the price when evaluating the user's collateral price, and when the collateral price drops significantly, the aggregator breaker returns the lowest price.
This means that users can substantially buy junk collateral in the market, mint a large amount of DSC in the protocol and then sell, bringing losses to users, users can only sell DSC to redeem high-quality collateral, and the last users too late to redeem can only bear losses.

Impact

When the price of the collateral drops significantly, malicious users can exploit the aggregator breaker problem to mint a large DSC and sell to arbitrage, leaving users with bad debts.

Tools Used

Manual review

Recommendations

Use other oracle or uniswap for price differentials

Prize pool breakdown

Total prize

15,000 USDC

nSLOC

236

64 USDC / LOC

High Medium

14,000 USDC

Low

1,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.