The Standard

DeFiHardhat

20,000 USDC

View results

Previous Next

Submission Details

Severity: low

Invalid

Unhandled Chainlink revert will result in frozen liquidations

spacelord47

Summary

Calls to Chainlink price feeds could potentially revert, because in rare cases feeds can be paused/disabled. But the Protocol doesn't implement any safety mechanism to handle such scenarios.

Issue Details

Chainlink oracles may be taken offline during extreme market conditions, so price feeds consumers should always consider these scenarios.

LiquidationPool utilizes price feeds, but has two weak points:

The address for EUR/USD price feed is stored in immutable eurUsd variable, and can't be upgraded after contract creation
Calls to latestRoundData are not handled for failures

LiquidationPool uses price feeds during vaults liquidations, and here is how this flow looks like:

Off-chain monitoring detects a SmartVault's collateral rate dropped, and the vault now is a subject to liquidation
A call to LiquidationPoolManager.runLiquidation made
Which internally calls LiquidationPool.distributeAssets
distributeAssets function uses price feeds to determine rewards for stakers. Not only EUR/USD price feed is used, but more importantly - all underlying(whitelisted) tokens held by the vault will also be queried for their prices.

Impact

If a price feed goes offline, any calls will revert, which means all vaults liquidations will not be possible. And, since this situation most likely will happen during extreme market condition, it may lead to significant drop in value for borrowers' assets, effectively destabilizing the value of EUROs token, and making stakers receive less rewards from liquidations.

At least 6 Chainlink price feeds will be used in the initial deployment. Also, since new ERC20 "whitelisted" tokens can be added later, even more price feeds can be in use by the protocol.

Note that, price feeds for "whitelisted" tokens used during liquidations only if a particular token was deposited to the vault. But a borrower (or a malicious entity) can deposit 1 WEI of value to the vault to force the protocol use a "broken" price feed.
This scenario significantly expands the surface for a potential DoS attack.

Recommendation

Consider adding functionality to update EUR/USD price feed address
There is no "silver bullet" solution for reverted calls on price feeds. A concrete solution will depend on the protocol's infrastructure and the risk model. I'd suggest to review Chainlink: Price Feeds Risk Mitigation for potential solutions

Updates

Lead Judging Commences

hrishibhat Lead Judge over 1 year ago

Submission Judgement Published

Validated

Assigned finding tags:

chainlink-revert

hrishibhat Lead Judge over 1 year ago

Submission Judgement Published

Invalidated

Reason: Known issue

Assigned finding tags:

chainlink-revert

Prize pool breakdown

Total prize

20,000 USDC

nSLOC

609

33 USDC / LOC

High Medium

17,500 USDC

Low

2,500 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.