Steadefi

Summary

In some extreme cases, oracles can be taken offline or token prices can fall to zero. Therefore a call to chainlink’s latestRoundData could potentially revert and none of the circuit breakers would fallback to query any prices automatically.

Vulnerability Details

The chainlink oracle is used in the system to convert the tokens into USD value. But the protocols assume that chainlink oracle never reverts and always returns something as answer when calling latestRoundData .

The issue arises from the possibility that Chainlink multisignature entities might intentionally block access to the price feed. In such a scenario, the invocation of the latestRoundData function could potentially trigger a revert, making checks like _chainlinkIsFrozen() and _badChainlinkResponse() ineffective in mitigating the consequences, as they would be incapable of querying any price data or specific information.

In certain exceptional circumstances, Chainlink has already taken the initiative to temporarily suspend specific oracles. As an illustrative instance, during the UST collapse incident, Chainlink opted to halt the UST/ETH price oracle to prevent the dissemination of erroneous data to various protocols.

Additionally, these dangerous oracle's scenarios are very well documented by OpenZeppelin in https://blog.openzeppelin.com/secure-smart-contract-guidelines-the-dangers-of-price-oracles.

Proof of concept

Here is the implementation of the chainlink function.

https://github.com/Cyfrin/2023-10-SteadeFi/blob/0f909e2f0917cb9ad02986f631d622376510abec/contracts/oracles/ChainlinkOracle.sol#L151C2-L170C4

Wrapper function where this data is consumed

https://github.com/Cyfrin/2023-10-SteadeFi/blob/0f909e2f0917cb9ad02986f631d622376510abec/contracts/strategy/gmx/GMXReader.sol#L62

Some places where this is used.

https://github.com/Cyfrin/2023-10-SteadeFi/blob/0f909e2f0917cb9ad02986f631d622376510abec/contracts/strategy/gmx/GMXDeposit.sol#L104

https://github.com/Cyfrin/2023-10-SteadeFi/blob/0f909e2f0917cb9ad02986f631d622376510abec/contracts/strategy/gmx/GMXManager.sol#L88

Impact

If a configured Oracle feed has malfunctioned or ceased operating, it will produce a revert when checking for latestRoundData that would need to be manually handled by the system.

Tools Used

Manual review & previous audit example

Recommendations

Encase the invocation of the function latestRoundData() within a try-catch construct instead of invoking it directly. In circumstances where the function call results in a revert, the catch block may serve the purpose of invoking an alternative oracle or managing the error in a manner that is deemed appropriate for the system.

example: https://github.com/liquity/dev/blob/main/packages/contracts/contracts/PriceFeed.sol#L522-L540