Summary

As per the documentation, LibOracle should only be returning the TWAP price from the WETH/USDC pool if the amount of WETH in the pool is >= 100e18. This is to ensure the fidelity of the data, which reduces the risk of price manipulation. However, this is not properly implemented for the case in which there was an invalid fetch of chainlink data. In this case, LibOracle simply returns the TWAP price without checking if there's enough liquidity in the pool. This can lead to a lack of data fidelity for the returned price.

It's clear that reverting should be the correct action rather than returning the TWAP price without checking the liquidity, as even when there is a valid chainlink price, if the TWAP price is closer to the cached price (and there isn't enough liquidity), it will still revert.

Vulnerability Details

LibOracle has a baseOracleCircuitBreaker function which handles whether to return the TWAP price or the chainlink price, when the asset is USD, and it is defined as follows:

When invalidFetchData is true, meaning that the chainlink price was not properly fetched, it will always return twapPriceInv. However, this lacks any checks as to whether there is at least 100 WETH in the Uniswap pool, which can result in a lack of data fidelity.

Impact

When the chainlink oracle is not functioning correctly, LibOracle will always return the TWAP price for the USD asset. However, this lacks any check as to whether there is enough liquidity in the Uniswap pool to guarantee data fidelity, meaning there is a higher likelihood of price manipulation.

Tools Used

Manual review

Recommendations

Before returning the TWAP price when invalidFetchData is true, first check whether the WETH/USDC pool has enough liquidity.