Reading Chainlink on the forex markets price outside forex market hours
Summary
Reading Chainlink on the forex markets price outside forex market hours can lead to stale price return value.
Vulnerability Details
According to the Chainlink documentation, assets on the Forex (Foreign Exchange) markets are traded only during defined market hours. In addition, as mentioned in its documentation, the protocol uses the Chainlink EUR/USD price feed.
However, the contract allows to take out new loans or repay debt every day of the week including Saturday and using these features implies to query the Chainlink EUR/USD feed for the exchange rate. Which means the protocol is reading the price feed outside the forex market hours.
Impact
The protocol is reading the Chainlink EUR/USD feed to get the real world price outside the recommended market hours. This can lead to stale price.
Depending on whether the price on-chain is higher or lower than the feed price, the impact is twofold :
Liquidation
some users could be liquidated when they should not if the price is above the feed price
no liquidation is performed when there should be if the price is below the feed price
Swaps
there would be more or less tokens output than there should.
Tools Used
Manual review
Recommendations
Follow the Chainlink best practices for ETF and Forex feeds
and use the Chainlink EUR/USD price feed only during the recommended forex market hours.
Lead Judging Commences
forex
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.