DeFiHardhatOracleProxyUpdates
100,000 USDC
Submission Details
Severity: low
Valid

LibEthUsdOracle returning wrong price on `minAnswer`, impacting fertilizer minting

Summary

The Chainlink aggregator behind the LibEthUsdOracle contract has a built-in circuit breaker: each aggregator implementation carries `minAnswer` and `maxAnswer` bounds, and when the real price moves outside that band, `latestRoundData()` keeps returning the bound rather than the actual price. LibEthUsdOracle has no mechanism to detect this. During an extreme market event, such as a sharp collapse in the value of ETH, the oracle would therefore report `minAnswer` instead of the real price, and users could keep interacting with the system, for example minting Fertilizer tokens, against inaccurate (inflated) price data. A similar case occurred with Venus on BSC when LUNA imploded and the feed kept reporting its floor price.

More Refs for similar issues like this:

  • https://medium.com/cyfrin/chainlink-oracle-defi-attacks-93b6cb6541bf (see the section "Oracle Returns Incorrect Price During Flash Crashes")

  • https://github.com/sherlock-audit/2023-02-blueberry-judging/issues/18

  • https://github.com/sherlock-audit/2023-05-ironbank-judging/issues/25

Impact

The circuit-breaker behaviour of the Chainlink aggregator can be exploited through price discrepancies during extreme market conditions. If the price of an asset crashes below `minAnswer`, the oracle continues to report `minAnswer`, so anyone can transact with the protocol at a price above the true market price. This can result in financial losses for users and the protocol and undermines the integrity of the system.

In our scenario, the mintFertilizer function in the FertilizerFacet contract (outside the immediate scope) relies on LibEthUsdOracle.getEthUsdPrice() (in scope) to fetch the ETH/USD price from the Chainlink oracle. This price determines how many Fertilizer tokens can be acquired with the provided wethAmountIn of WETH. If getEthUsdPrice() returns `minAnswer` during an extreme market event, the reported value does not reflect the actual price of ETH: the deposited WETH would be valued above its real market price, and users could continue minting Fertilizer at that incorrect price, receiving more Fertilizer per WETH than its true value supports.

Recommendation

It is recommended to enhance LibEthUsdOracle so that it checks the returned answer against the aggregator's own `minAnswer` and `maxAnswer` bounds and reverts if the answer is at or beyond either bound, indicating that the price data is not reliable under current market conditions. Because a clamped answer is reported as exactly `minAnswer` or `maxAnswer`, an equality comparison is sufficient to detect it. Two caveats for the implementation: the bounds live on the aggregator implementation, which Chainlink can swap behind the proxy, so they should be read per call via the proxy's `aggregator()` rather than cached or hardcoded; and on feeds where the bounds are set so wide that they are effectively unbounded, this check alone offers no protection and should be combined with a staleness check and a secondary price source.
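The following is an added example of the recommended check, not code from Beanstalk or from LibEthUsdOracle. The library and interface names, the custom errors, and the `maxAge` parameter are assumptions made for illustration; the Chainlink functions it calls (`latestRoundData()`, `decimals()` and `aggregator()` on the proxy, `minAnswer()` and `maxAnswer()` on the aggregator implementation) are real. It goes slightly beyond the text by also rejecting stale and incomplete rounds, since a price that passes the bounds check but is hours old is just as unreliable.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not part of Beanstalk or LibEthUsdOracle.
// Interface and library names below are assumptions for illustration.

interface IAggregatorV3 {
    function decimals() external view returns (uint8);
    function latestRoundData()
        external
        view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

interface IAggregatorProxy is IAggregatorV3 {
    // The Chainlink proxy exposes the implementation it currently forwards to.
    function aggregator() external view returns (address);
}

interface IOffchainAggregator {
    // Circuit-breaker bounds: answers outside (minAnswer, maxAnswer) are clamped to the bound.
    function minAnswer() external view returns (int192);
    function maxAnswer() external view returns (int192);
}

library LibBoundedChainlinkOracle {
    error InvalidRound(uint80 roundId, uint80 answeredInRound);
    error StalePrice(uint256 updatedAt, uint256 maxAge);
    error NonPositiveAnswer(int256 answer);
    error AnswerAtCircuitBreaker(int256 answer, int192 minAnswer, int192 maxAnswer);

    /// @notice Returns the latest feed price, reverting instead of accepting a clamped answer.
    /// @param feed   Chainlink proxy for the pair (e.g. ETH/USD).
    /// @param maxAge Maximum acceptable age of the answer in seconds (assumed; set from the feed's heartbeat).
    /// @return price The answer in the feed's own decimals (8 for ETH/USD).
    function getPrice(IAggregatorProxy feed, uint256 maxAge) internal view returns (uint256 price) {
        (uint80 roundId, int256 answer, , uint256 updatedAt, uint80 answeredInRound) = feed.latestRoundData();

        // Reject rounds that never completed or answers that are too old.
        if (answeredInRound < roundId) revert InvalidRound(roundId, answeredInRound);
        if (updatedAt == 0 || block.timestamp - updatedAt > maxAge) revert StalePrice(updatedAt, maxAge);
        if (answer <= 0) revert NonPositiveAnswer(answer);

        // The bounds belong to the implementation, not the proxy, and change whenever Chainlink
        // migrates the proxy to a new aggregator, so read them on every call instead of caching.
        IOffchainAggregator impl = IOffchainAggregator(feed.aggregator());
        int192 minAnswer = impl.minAnswer();
        int192 maxAnswer = impl.maxAnswer();

        // A clamped price is reported as exactly minAnswer or maxAnswer. Treat touching either
        // bound as "no reliable price" rather than as a valid quote (the Venus/LUNA failure mode).
        if (answer <= minAnswer || answer >= maxAnswer) {
            revert AnswerAtCircuitBreaker(answer, minAnswer, maxAnswer);
        }

        price = uint256(answer);
    }
}
```

A caller such as an ETH/USD lookup would pass the mainnet ETH/USD proxy and a `maxAge` slightly above the feed's heartbeat; on feeds whose `minAnswer`/`maxAnswer` are set to effectively unbounded values the bounds branch never triggers, which is why the staleness check is kept and why a second price source is still advisable.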

Updates

Lead Judging Commences

giovannidisiena Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

Oracle min price

0xtheblackpanther Submitter
over 1 year ago
giovannidisiena Lead Judge
over 1 year ago
0xtheblackpanther Submitter
over 1 year ago
giovannidisiena Lead Judge
over 1 year ago
