Submission Details
Severity: low
Valid

Check for min/max circuit breakers while querying Chainlink data

Summary

Vulnerability Details

Take a look at the contract used for getting prices: https://github.com/Cyfrin/2024-02-Beanstalk-1/blob/a3658861af8f5126224718af494d02352fbb3ea5/protocol/contracts/libraries/Oracle/LibChainlinkOracle.sol#L5-L7

It is key to note that in different instances Chainlink's latestRoundData is being queried, but no min/max checks are applied, leading to contracts working with flawed pricing.

Impact

Low, because in most instances the protocol routes this pricing call through a greedy check against another source of pricing. The logic still seems flawed, though: if the prices ever go over the boundary, there is no point in checking for the greedy difference (https://github.com/Cyfrin/2024-02-Beanstalk-1/blob/a3658861af8f5126224718af494d02352fbb3ea5/protocol/contracts/libraries/Oracle/LibEthUsdOracle.sol#L80), as it is most definitely going to fail.

But in the rare case where both sources of pricing are flawed, the protocol would ingest heavily manipulated data for its pricing logic.

Tools Used

Recommendations

Consider attaching the min/max checkers.
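
One way such a min/max check can look, as an added example that is not Beanstalk's code or part of the original submission. It assumes the feed proxy exposes aggregator() and that the underlying aggregator exposes minAnswer()/maxAnswer(); the library name, function name and error names are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Added example, not Beanstalk code. Interfaces are trimmed to the calls used here.
interface IFeedProxy {
    function latestRoundData()
        external
        view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);

    function aggregator() external view returns (address);
}

// Assumption: the aggregator behind the proxy exposes its circuit-breaker bounds.
interface IAggregatorBounds {
    function minAnswer() external view returns (int192);
    function maxAnswer() external view returns (int192);
}

library LibBoundedChainlinkRead { // hypothetical name
    error InvalidAnswer(int256 answer);
    error AnswerAtCircuitBreaker(int256 answer, int256 minAnswer, int256 maxAnswer);

    /// @notice Reads the latest answer and rejects it when it sits on or outside
    ///         the aggregator's [minAnswer, maxAnswer] band.
    function readBounded(address feed) internal view returns (uint256) {
        IFeedProxy proxy = IFeedProxy(feed);
        (, int256 answer, , uint256 updatedAt, ) = proxy.latestRoundData();
        if (answer <= 0 || updatedAt == 0) revert InvalidAnswer(answer);

        // Resolve the aggregator on every read: the proxy can be repointed,
        // so cached bounds may describe a retired aggregator.
        IAggregatorBounds agg = IAggregatorBounds(proxy.aggregator());
        int256 minAnswer = int256(agg.minAnswer());
        int256 maxAnswer = int256(agg.maxAnswer());

        // An answer equal to a bound is treated as clamped: the market price
        // may lie beyond it, so the reported value cannot be trusted.
        if (answer <= minAnswer || answer >= maxAnswer) {
            revert AnswerAtCircuitBreaker(answer, minAnswer, maxAnswer);
        }
        return uint256(answer);
    }
}
```

Whether a given feed's aggregator actually enforces these bounds should be confirmed per feed before relying on the check.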

Updates

Lead Judging Commences

giovannidisiena Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

Oracle min price
