Summary

A similar incident occurred on the Binance Smart Chain (BSC) with Venus when LUNA experienced a significant decline.

Vulnerability Details

Stablecoin protocols is really tested when the collateral backing the stable coin becomes very volatile specially in negative direction (depreciating in value).

WBTC and WETH being key collateral it is very likely that asset price may drop suddenly during which chainlik oracle may not return the accurate price for below reasons :

OracleLib.sol uses ChainlinkFeedRegistry to fetch the price of the requested tokens

• These Chainlink aggregators incorporate a built-in circuit breaker mechanism designed to activate when the price of an asset deviates beyond a pre-defined price band.

• Consequently, in scenarios where an asset experiences a substantial decrease in value, like the case of LUNA crash, the oracle's price will persistently report the minimum price instead of the actual asset price.

• Essentially over-valuing users collateral.

Impact

Liquidators wont be able to liquidate many underwater users despite not having enough collateral to back.

Tools Used

Manual Review

Recommendations

The ChainlinkAdapterOracle needs to validate the received answer by comparing it against the predefined minPrice and maxPrice boundaries, and in case the answer falls outside these bounds, it should revert.