The Standard

DeFi, Hardhat
20,000 USDC
Submission Details
Severity: medium
Invalid

No circuit breaker checks while querying prices

Proof of Concept

Using this search command: https://github.com/search?q=repo%3ACyfrin%2F2023-12-the-standard%20latestRoundData&type=code, we can see that in multiple cases and for multiple instances the price of an asset is queried by `latestRoundData()`. The case with this is that there are currently no checks employed to ensure that the price returned is actually within the accepted min/max boundaries.

Impact

Wrong prices would be used if/when the price of an asset goes over its min/max boundary. This completely flaws every instance where pricing logic is being implemented in the protocol, i.e. for an asset that has, say, a minPrice of $1, even if the price drops to $0.1 the protocol still assumes it's $1. This goes to show that important functionality like checking if a vault is undercollateralized would be queried with way-off data, thinking assets are worth 10X more, and might lead to instances where liquidate can be called but not actually go through.

Recommended Mitigation Steps

Best thing is to implement a min/max circuit breaker check, and then to this the protocol can add a secondary price provider that provides the price once boundary prices are returned from Chainlink.
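
The check recommended above, as an added example that is not part of the submission or of The Standard's code base. `BoundedPriceReader`, `IFallbackOracle`, and the constructor-supplied `minPrice`/`maxPrice` bounds are assumptions made for illustration; the fallback source is assumed to report prices in the same decimals as the Chainlink feed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Chainlink's standard price feed interface (only the function used here).
interface AggregatorV3Interface {
    function latestRoundData() external view returns (
        uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound
    );
}

// Hypothetical secondary price source; assumed to use the feed's decimals.
interface IFallbackOracle {
    function getPrice() external view returns (uint256);
}

// Hypothetical reader contract illustrating the min/max circuit breaker.
contract BoundedPriceReader {
    AggregatorV3Interface public immutable feed;
    IFallbackOracle public immutable fallbackOracle;
    int256 public immutable minPrice; // assumed: the feed's lower boundary
    int256 public immutable maxPrice; // assumed: the feed's upper boundary

    constructor(address _feed, address _fallback, int256 _min, int256 _max) {
        require(_min > 0 && _min < _max, "bad bounds");
        feed = AggregatorV3Interface(_feed);
        fallbackOracle = IFallbackOracle(_fallback);
        minPrice = _min;
        maxPrice = _max;
    }

    function getPrice() external view returns (uint256) {
        (, int256 answer,,,) = feed.latestRoundData();

        // An answer at or beyond a boundary may be a clamped value rather
        // than the market price, so it is not used for collateral checks.
        if (answer <= minPrice || answer >= maxPrice) {
            uint256 fallbackPrice = fallbackOracle.getPrice();
            require(fallbackPrice > 0, "fallback price invalid");
            return fallbackPrice;
        }

        // Safe cast: answer is strictly greater than minPrice, which is > 0.
        return uint256(answer);
    }
}
```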

Updates

Lead Judging Commences

hrishibhat Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

chainlink-minanswer

hrishibhat Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Known issue
Assigned finding tags:

chainlink-minanswer
