Summary

Chainlink’s multisigs can immediately block access to price feeds at will, which would cause the getOraclePrice() to revert. Therefore, protocol should take a defensive approach to it, currently, if such an scenario occurs, Ditto would overgo a total DOS of its major features in the affected vaults, if it were to happen in the ETH/USD price feed, the damage would be devastating.

Vulnerability Details

To prevent denial of service scenarios, it is recommended to query Chainlink price feeds using a defensive approach with Solidity’s try/catch structure. In this way, if the call to the price feed fails, the caller contract is still in control and can handle any errors safely and explicitly.
Refer to https://blog.openzeppelin.com/secure-smart-contract-guidelines-the-dangers-of-price-oracles/ for more information regarding potential risks to account for when relying on external price feed providers.

Impact

It would be total. No new markets could be created, no new order could be created, the existing ones couldn't be matched, liquidations would revert, yield couldn't be distributed, shorts couldn't be exited and shutdownMarket() also would revert, due to their dependency on getPrice().

Tools Used

Manual review, Chainlink docs and Openzeppelin blog.

Recommendations

Surround the call to latestRoundData() with try/catch instead of calling it directly. In a scenario where the call reverts, the catch block can be used to call a fallback oracle or handle the error in any other suitable way.