15,000 USDC
Submission Details
Severity: medium
Valid

No WBTC/USD price feed on Ethereum L1 available adds risk to protocol

Summary

If WBTC depegs, users can use it to mint DSC at the BTC/USD price, and the protocol will accumulate bad collateral and risk becoming insolvent.

Vulnerability Details

Chainlink doesn't have a WBTC/USD oracle for Ethereum L1.
BTC is not a native Ethereum asset, and only a wrapped version of BTC can exist on Ethereum. Given this, it's fair to assume that, with the current implementation, a BTC/USD price feed will be used to reflect the WBTC/USD price if the protocol is deployed on Ethereum L1.

WBTC is not, and shouldn't be considered, equivalent to BTC. WBTC is only as safe as its centralized custodians and/or smart contract bridge. These risks should be accounted for.

When the USD value is calculated, getUsdValue will call the BTC/USD price feed. If WBTC depegs, this price feed will return a wrong price.

Impact

The protocol will take on a large amount of bad collateral should the WBTC bridge become compromised and WBTC depeg.

Tools Used

Manual review, Solodit

Recommendations

For similar issues (1), a dual oracle system that includes a Chainlink oracle plus an on-chain liquidity-based oracle was proposed. If the price delta reported by these two oracles is bigger than a predefined threshold, minting new DSC should be stopped.

Besides the above solution, I think calculating the WBTC/USD price using both the WBTC/BTC and BTC/USD Chainlink price feeds eliminates the risks and still allows users to use WBTC inside the protocol.
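A sketch of the second recommendation, added here as an example and not taken from the submission or the audited code base: WBTC/USD is derived from the WBTC/BTC and BTC/USD feeds, and a flag reports when the WBTC/BTC ratio drifts past a threshold so the caller can pause minting. The library name, error names, `maxAge` and `maxDepegBps` are hypothetical, and a single staleness window for both feeds is an assumption.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

// Minimal Chainlink aggregator interface, declared inline so the example is self-contained.
interface AggregatorV3Interface {
    function decimals() external view returns (uint8);
    function latestRoundData()
        external
        view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

/// Hypothetical helper (added example): composes WBTC/USD from two Chainlink feeds.
library WbtcUsdPrice {
    error WbtcUsdPrice__BadAnswer();
    error WbtcUsdPrice__StalePrice();

    uint256 private constant BPS = 10_000;

    /// Reads one feed, rejecting non-positive answers and answers older than maxAge seconds.
    function _read(AggregatorV3Interface feed, uint256 maxAge) private view returns (uint256) {
        (, int256 answer,, uint256 updatedAt,) = feed.latestRoundData();
        if (answer <= 0) revert WbtcUsdPrice__BadAnswer();
        if (block.timestamp - updatedAt > maxAge) revert WbtcUsdPrice__StalePrice();
        return uint256(answer);
    }

    /// @param maxDepegBps Allowed deviation of WBTC/BTC from 1.0, in basis points (assumed policy value).
    /// @return price WBTC/USD, scaled to the BTC/USD feed's decimals.
    /// @return depegged True when WBTC/BTC is further from 1.0 than maxDepegBps.
    function wbtcUsd(
        AggregatorV3Interface wbtcBtc,
        AggregatorV3Interface btcUsd,
        uint256 maxAge,
        uint256 maxDepegBps
    ) internal view returns (uint256 price, bool depegged) {
        uint256 ratio = _read(wbtcBtc, maxAge);
        uint256 one = 10 ** uint256(wbtcBtc.decimals()); // 1.0 WBTC per BTC in feed units
        uint256 gap = ratio > one ? ratio - one : one - ratio;
        depegged = gap * BPS > maxDepegBps * one;
        // Multiply before dividing so the discount is applied without losing precision.
        price = _read(btcUsd, maxAge) * ratio / one;
    }
}
```

Returning the flag instead of reverting lets the caller block new mints during a depeg while liquidations continue to use the discounted price.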
