15,000 USDC
Submission Details
Severity: medium
Valid

Risk of Incorrect Pricing of asset by OracleLib's staleCheckLatestRoundData function in Case of Underlying Aggregator Reaching minAnswer

Summary

Chainlink aggregators have an in-built circuit breaker that triggers if the price of an asset goes outside a predetermined price band. The result is that if an asset experiences a huge drop in value, the oracle will continue to return the minPrice instead of the actual price of the asset, so the protocol works with a wrong price. (This is exactly what happened to Venus on BSC when LUNA imploded.)

Vulnerability Details

OracleLib uses Chainlink price feeds to obtain the price of the requested tokens.

ChainlinkFeedRegistry#latestRoundData pulls the associated aggregator and requests round data from it. Chainlink aggregators have minPrice and maxPrice circuit breakers built into them. This means that if the price of the asset drops below the minPrice, the protocol will continue to value the token at minPrice instead of its actual value.

https://github.com/Cyfrin/2023-07-foundry-defi-stablecoin/blob/main/src/libraries/OracleLib.sol#L27

Example:
TokenA has a minPrice of $1. The price of TokenA drops to $0.50. The aggregator still returns $1, which is 5x its actual value.

Impact

In the event that an asset crashes, the protocol will return a wrong value from getTokenAmountFromUsd() (https://github.com/Cyfrin/2023-07-foundry-defi-stablecoin/blob/main/src/DSCEngine.sol#L340C14-L340C35), which is used in liquidate() to liquidate a user's collateral once the user has broken the health factor.
It will also impact the getUsdValue() function (https://github.com/Cyfrin/2023-07-foundry-defi-stablecoin/blob/main/src/DSCEngine.sol#L361C14-L361C25), which is used to calculate the health factor of a user.

Tools Used

Manual Review

Recommendations

OracleLib should check the returned answer against the minPrice/maxPrice and revert if the answer is outside of the bounds.
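An added example of how that recommendation could look, written for this report and not taken from the audited repository: the bounds are passed in by the caller (the audited OracleLib has no such parameters), and the 3-hour timeout and `OracleLib__StalePrice` error are assumed to mirror the library's existing staleness check.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

import {AggregatorV3Interface} from "@chainlink/contracts/src/v0.8/interfaces/AggregatorV3Interface.sol";

/// Example library (not the audited OracleLib): staleness check plus a min/max answer check.
/// minAnswer and maxAnswer are assumed to be supplied by the caller, e.g. stored per feed
/// by the protocol after reading them from the aggregator's configuration.
library BoundedOracleLib {
    error OracleLib__StalePrice();
    error OracleLib__PriceOutOfBounds(int256 answer, int256 minAnswer, int256 maxAnswer);

    // Assumed to match the existing library's timeout.
    uint256 private constant TIMEOUT = 3 hours;

    function staleCheckLatestRoundData(
        AggregatorV3Interface priceFeed,
        int256 minAnswer,
        int256 maxAnswer
    ) public view returns (uint80, int256, uint256, uint256, uint80) {
        (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound) =
            priceFeed.latestRoundData();

        // Existing behaviour: reject a round that is missing or older than TIMEOUT.
        if (updatedAt == 0 || block.timestamp - updatedAt > TIMEOUT) {
            revert OracleLib__StalePrice();
        }

        // Added check: an answer sitting on either circuit-breaker bound means the real
        // market price may be beyond it, so refuse to price the asset rather than
        // valuing collateral at the clamped figure.
        if (answer <= minAnswer || answer >= maxAnswer) {
            revert OracleLib__PriceOutOfBounds(answer, minAnswer, maxAnswer);
        }

        return (roundId, answer, startedAt, updatedAt, answeredInRound);
    }
}
```

Reverting here means liquidate() and the health-factor path fail closed during a crash instead of operating on the clamped minPrice; the protocol must decide separately how to handle positions while the feed is unusable.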
