No Fallback for Prolonged Oracle Failures in getEthUsdPrice
Vulnerability Details
The getEthUsdPrice function fetches ETH/USD prices from Chainlink and Uniswap oracles. It has a fallback to use the Chainlink price if Uniswap prices deviate significantly. However, if both oracles fail to provide a price (return 0), the function will continuously return 0 without any alternative source of price data or historical price reference. This lack of redundancy and historical data fallback will leave the system without a functional price feed for an extended period.
Impact
The getEthUsdPrice function is critical for providing a reliable ETH/USD price feed. Without a fallback mechanism, prolonged oracle failures could result in the function returning 0, which will halt and impair dependent financial operations such as pricing, liquidations, or collateral management within the system.
Tools Used
Manual review
Recommendations
Store the last known good price within the contract state and use it when current oracle queries fail.
Integrate additional oracles to provide redundancy and increase resilience against single points of failure.
Allow for a manual update of the price feed by a trusted party through a secure governance process in case of prolonged oracle failures.
Lead Judging Commences
Informational/Invalid
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.