Lack of fallbacks for price feed oracle
Summary
The protocol heavily relies on Chainlink price feeds to work correctly and in case of failure the protocol will be disrupted.
Vulnerability Details
If pausing (Chainlink Automation pauses contracts in case of unexpected scenarios happening) or some fail happens or Chainlink reverts, then LiquidationPool::distributeAssets will fail which means no rewards can be distributed and the contract becomes useless, but what is worse is that no vault can get liquidated since we are getting the collateral token in euro to determine if the vault is undercollateralized.
Impact
Without fallback solutions, the protocol will be unable to operate if Chainlink's aggregators fail to update price data.
Consider the scenario that Chainlink's aggregators fail to update price data and collateral tokens' prices dramatically go down, liquidating a vault will be impossible. Consequently, the protocol will become insolvent eventually, leading to the protocol's disruption.
Tools Used
Manual Review
Recommendations
I recommend implementing fallback solutions, such as using other off-chain oracle providers and/or on-chain Uniswap's TWAP, for feeding price data in case Chainlink's aggregators fail.
Lead Judging Commences
chainlink-revert
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.