DittoETH

Ditto
DeFiFoundryOracle
55,000 USDC
Submission Details
Severity: low
Valid

Potential Chainlink revert is unhandled

Summary

LibOracle.sol is designed so that if the Chainlink price feed has an issue, a TWAP price is used instead, so that the protocol does not fully depend on the Chainlink feed. However, in its current state, the library does not protect against deprecated price feeds. This means the protocol is in fact fully dependent on Chainlink despite implementing a fallback oracle, which is clearly unintended.

Vulnerability Details

Currently, LibOracle#getOraclePrice queries the relevant price feed by calling latestRoundData and then calls either baseOracleCircuitBreaker or oracleCircuitBreaker internally to check that the returned data is valid; if it is not, the TWAP price is returned instead. While this protects against stale or otherwise invalid prices, it is insufficient when a price feed is deprecated or taken offline for any other reason (Chainlink is able to add and remove price feeds at will).

This is because in such a case the call to latestRoundData itself reverts, so the entire transaction reverts instead of falling back to the TWAP price; the circuit-breaker checks that would select the TWAP are never reached.

Impact

If a price feed is deprecated or taken offline, any operation that fetches an oracle price will always revert, as opposed to the intended behaviour of relying on the TWAP price instead. This results in a significant denial of service for the protocol for as long as the feed is unavailable.

Tools Used

Manual review

Recommendations

Consider wrapping the call to latestRoundData in a try/catch block so that when it reverts, the TWAP price is used. The decoded round data must still go through the existing circuit-breaker checks on the success path: a feed that reverts and a feed that returns stale data are two different failure modes, and both should end in the TWAP.
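The following is an added, self-contained illustration of the recommended pattern; it is not DittoETH's LibOracle code. The library name OracleWithFallback, the ITwapSource interface, the MAX_STALENESS value and the mock contracts are all assumptions made for the example. Only the AggregatorV3Interface.latestRoundData signature is Chainlink's own.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Chainlink's aggregator interface (signature matches AggregatorV3Interface.latestRoundData).
interface AggregatorV3Interface {
    function latestRoundData()
        external
        view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

// Hypothetical TWAP source; the protocol's real TWAP logic is not reproduced here.
interface ITwapSource {
    function twapPrice() external view returns (uint256);
}

library OracleWithFallback {
    // Assumed staleness threshold; in practice this must match the feed's heartbeat.
    uint256 internal constant MAX_STALENESS = 1 hours;

    error TwapUnavailable();

    /// @notice Returns the Chainlink price when the feed is live and sane, the TWAP otherwise.
    /// @dev A deprecated or removed feed reverts inside latestRoundData. The try/catch turns
    ///      that revert into a fallback instead of bubbling it up and reverting the whole tx.
    function getOraclePrice(AggregatorV3Interface feed, ITwapSource twap) internal view returns (uint256) {
        try feed.latestRoundData() returns (
            uint80 roundId,
            int256 answer,
            uint256, /* startedAt */
            uint256 updatedAt,
            uint80 /* answeredInRound */
        ) {
            // Success path: the call returned, but the data may still be stale or invalid,
            // so the circuit-breaker style checks stay in place.
            if (!_isValid(roundId, answer, updatedAt)) {
                return _twapOrRevert(twap);
            }
            return uint256(answer);
        } catch {
            // Revert path: deprecated feed, reverting aggregator, or out-of-gas in the callee.
            // An empty `catch` matches any revert data, including an empty revert.
            return _twapOrRevert(twap);
        }
    }

    function _isValid(uint80 roundId, int256 answer, uint256 updatedAt) private view returns (bool) {
        if (roundId == 0) return false;                                  // no round has ever completed
        if (answer <= 0) return false;                                   // zero or negative price
        if (updatedAt == 0 || updatedAt > block.timestamp) return false; // incomplete round / bad timestamp
        if (block.timestamp - updatedAt > MAX_STALENESS) return false;   // heartbeat missed
        return true;
    }

    function _twapOrRevert(ITwapSource twap) private view returns (uint256) {
        uint256 p = twap.twapPrice();
        if (p == 0) revert TwapUnavailable(); // never silently hand back 0 as a price
        return p;
    }
}

// Constructed mock of a feed whose aggregator has been deprecated and now reverts.
contract RevertingFeed is AggregatorV3Interface {
    function latestRoundData() external pure returns (uint80, int256, uint256, uint256, uint80) {
        revert("feed deprecated");
    }
}

// Constructed mock TWAP source returning a fixed price.
contract ConstantTwap is ITwapSource {
    uint256 private immutable price;
    constructor(uint256 p) { price = p; }
    function twapPrice() external view returns (uint256) { return price; }
}

// Harness: with a reverting feed, getOraclePrice falls through to the TWAP instead of reverting.
contract FallbackDemo {
    function demo() external returns (uint256) {
        AggregatorV3Interface feed = new RevertingFeed();
        ITwapSource twap = new ConstantTwap(2000e18);
        return OracleWithFallback.getOraclePrice(feed, twap); // the TWAP, since the feed reverts
    }
}
```

Two caveats when applying this. First, Solidity's try/catch only catches failures of the external call itself; if the feed address holds no code, or returns data that cannot be ABI-decoded into the declared return types, the revert happens in the caller and is not caught, so a feed address that has been self-destructed or replaced with an incompatible contract still needs a separate guard. Second, falling back silently to the TWAP means a reverting feed makes the TWAP the sole price source, so the TWAP path needs its own sanity bounds (window length, manipulation resistance) rather than being treated as automatically safe.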

Updates

Lead Judging Commences

0xnevi Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

finding-57
