`SmartVaultV3::euroCollateral` does not have fallback if `PriceCalculator`
Summary
PriceCalculator::tokenToEurAvg can revert if there were many price updates in the last 4 hours. Because of while loop in PriceCalculator::avgPrice. This is not handled in SmartVaultV3::euroCollateral and can lead to reverts in liquidation because undercollateralised will revert.
Vulnerability Details
PriceCalculator::avgPrice has a while loop over all the prices in the last 4 hours.
Chainlink oracle update price on deviation, and on heartbeat. For ARB a deviation is only 0.05%
https://docs.chain.link/data-feeds/price-feeds/addresses?network=arbitrum&page=1&search=arb
| Pair | Deviation | Heartbeat | Dec | Address and info |
|---|---|---|---|---|
| 🟢ARB / USD | 0.05% | 86400s | 8 | 0xb2A824043730FE05F3DA2efaFa1CBbe83fa548D6 |
In case of high volatility the price can change so often that it would not be enough gas in block to finish the while-loop in PriceCalculator::avgPrice => revert in SmartVaultV3::euroCollateral => revert in maxMintable => revert in undercollateralised => revert in liquidations/mint/burn |
Impact
Bad debt because no one can liquidate a vault
Users can't mint or burn EUROs
Tools Used
Manual review
Recommended Mitigation Steps
Consider having a fallback way to get a price in case PriceCalculator reverts. Consider using a different implementation of PriceCalculator
Lead Judging Commences
informational/invalid
informational/invalid
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.