The Standard
The Standard
DeFiHardhat
20,000 USDC
View results
Previous Next
Submission Details
Severity: medium
Invalid

In `LiquidationPool.distributeAssets()`, Chainlink oracle will return the wrong price if the aggregator hits minAnswer

0xrizwan

Summary

Chainlink oracle will return the wrong price if the aggregator hits minAnswer

Vulnerability Details

Chainlink aggregators have a built in circuit breaker if the price of an asset goes outside of a predetermined price band. The result is that if an asset experiences a huge drop in value (i.e. LUNA crash) the price of the oracle will continue to return the minPrice instead of the actual price of the asset.

In LiquidationPool.distributeAssets(), distributeAssets() function,

function distributeAssets(ILiquidationPoolManager.Asset[] memory _assets, uint256 _collateralRate, uint256 _hundredPC) external payable {
consolidatePendingStakes();
(,int256 priceEurUsd,,,) = Chainlink.AggregatorV3Interface(eurUsd).latestRoundData();
. . . some code
(,int256 assetPriceUsd,,,) = Chainlink.AggregatorV3Interface(asset.token.clAddr).latestRoundData();
. . . some code
}

Here, the function does not check the price acceptable range.

Impact

This would allow user to continue distribute the assets but at the wrong price. Similar such incident had happend to Venus on BSC when LUNA imploded

Tools Used

Manual Review

Recommendations

Consider using the following checks.

For example:

(uint80, int256 answer, uint, uint, uint80) = oracle.latestRoundData();
// minPrice check
require(answer > minPrice, "Min price exceeded");
// maxPrice check
require(answer < maxPrice, "Max price exceeded");
Updates

Lead Judging Commences

hrishibhat Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

chainlink-minanswer

hrishibhat Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Known issue
Assigned finding tags:

chainlink-minanswer

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.