Unhandled Chainlink Revert in Case Its Multisigs Block Access to Price Feeds
Summary
In certain extreme conditions, like oracles going offline or token prices plummeting to zero, a call to latestRoundData could fail, lacking automatic fallback options for price queries.
Vulnerability Details
The vulnerability arises from the possibility of Chainlink multisig authorities intentionally blocking access to price feeds. As a result, calling latestRoundData may cause a revert due to the inability to retrieve price data.
Chainlink has previously deactivated some oracles in extraordinary circumstances, such as during the UST/ETH price oracle's shutdown amidst the UST collapse. This was to prevent dissemination of false information across protocols.
OpenZeppelin also underscores oracle-related risks in their article (https://blog.openzeppelin.com/secure-smart-contract-guidelines-the-dangers-of-price-oracles). Multisig entities have the power to abruptly cut off access to price feeds, which can lead to potential denial-of-service situations. A defensive approach, employing Solidity’s try/catch structure for ChainLink price feed queries, is advised. This method ensures that contracts stay operational and manage errors effectively in case of a price feed call failure.
Proof of Concept
To reduce the risk of denial-of-service, incorporating a try-catch mechanism in the LiquidationPool.distributeAssets function for Chainlink price queries is recommended. This strategy ensures error handling if the price feed call is unsuccessful.
The LiquidationPoolManager.runLiquidation function, which internally calls LiquidationPool.distributeAssets, is also at risk of disruption from an unhandled oracle revert.
References:
Impact
A malfunctioning or nonfunctional Oracle feed can lead to a revert upon querying latestRoundData, necessitating manual intervention.
Tools Used
Manual Review
Recommendations
Enclose the latestRoundData() function call within a try-catch block, rather than directly invoking it. In the case of a revert, the catch block should enable an alternative oracle or manage the error suitably for the system.
Lead Judging Commences
chainlink-revert
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.