QuantAMM

49,600 OP
Submission Details
Severity: low
Invalid

ChainlinkOracle Lacks Circuit Breaker Validation Leading to Potential Price Manipulation

Description

The ChainlinkOracle.sol contract fails to validate Chainlink's circuit breaker bounds (minAnswer/maxAnswer) when fetching price data. Chainlink feeds have built-in minimum and maximum price thresholds, and when an asset's price moves beyond these bounds, the oracle returns these threshold values instead of the actual market price.

Current implementation:

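    function _getData() internal view override returns (int216, uint40) {
        // latestRoundData() returns (roundId, answer, startedAt, updatedAt, answeredInRound);
        // only answer and updatedAt are used here.
        (, int data, , uint timestamp, ) = priceFeed.latestRoundData();
        // The only validation performed: the answer must be positive.
        require(data > 0, "INVLDDATA");
        // Scale the feed answer by 10 ** normalizationFactor.
        data = data * int(10 ** normalizationFactor);
        return (int216(data), uint40(timestamp));
    }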

The function only validates that the price is greater than zero but doesn't check if the Chainlink circuit breaker has been triggered. This is particularly dangerous because:

  1. The returned price is used for AMM weight adjustments

  2. The price undergoes normalization which could amplify the issue

  3. The normalized price is then cast to int216 without additional bounds checking

Impact

If an asset experiences extreme price movements (like the LUNA crash), the oracle will return minAnswer or maxAnswer instead of the true market price. This could lead to:

  1. Incorrect Pool Weights: The AMM could maintain incorrect weights based on stale threshold prices

  2. Mispriced Trades: Users could execute trades at incorrect prices if the real market price is beyond the bounds

  3. Amplified Issues: The normalization factor (10 ** normalizationFactor) could amplify the price discrepancy

Real-world precedent:

  • Venus Protocol lost $11M during the LUNA crash due to Chainlink's circuit breaker returning the minimum price instead of the actual crashed price

  • Similar issues have been identified in audits of Euler Finance and other protocols

Mitigation

Consider implementing any of these strategies:

  1. Fallback Oracle System

    • Integrate a secondary price oracle (e.g., Uniswap TWAP)

    • Compare Chainlink price against the fallback oracle with a defined deviation threshold

    • If deviation exceeds threshold, use fallback price or pause weight adjustments

  2. AMM-Specific Safeguards

    • Implement maximum weight adjustment limits per update

    • Add trade size restrictions that scale with price volatility

    • Consider temporary trading suspensions if price movements exceed certain thresholds

These solutions provide protection while:

  • Avoiding expensive on-chain minAnswer/maxAnswer validations

  • Maintaining protocol functionality during normal market conditions

  • Gracefully handling extreme market events

  • Preserving gas efficiency for normal operations
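
A sketch of the first mitigation (deviation check against a fallback oracle), added here as an illustration; it is not part of the submission or of the QuantAMM code base. The contract name, the IFallbackOracle interface, maxDeviationBps and the revert-on-deviation policy are hypothetical, and the fallback is assumed to return a price already scaled to the same decimals as the normalized Chainlink answer.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal copy of the one Chainlink feed method used below.
interface IAggregatorV3 {
    function latestRoundData() external view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

// Hypothetical secondary source (e.g. a TWAP adapter); assumed to return a normalized price.
interface IFallbackOracle {
    function getPrice() external view returns (int256 price);
}

// Hypothetical wrapper: same checks as _getData(), plus a deviation bound.
contract DeviationCheckedOracle {
    IAggregatorV3 public immutable priceFeed;
    IFallbackOracle public immutable fallbackOracle;
    uint256 public immutable normalizationFactor;
    uint256 public immutable maxDeviationBps; // e.g. 500 = 5%

    error PriceDeviation(int256 primary, int256 secondary);

    constructor(IAggregatorV3 feed, IFallbackOracle fb, uint256 normFactor, uint256 maxBps) {
        priceFeed = feed;
        fallbackOracle = fb;
        normalizationFactor = normFactor;
        maxDeviationBps = maxBps;
    }

    function getData() external view returns (int216, uint40) {
        (, int256 data, , uint256 timestamp, ) = priceFeed.latestRoundData();
        require(data > 0, "INVLDDATA");
        data = data * int256(10 ** normalizationFactor);

        int256 ref = fallbackOracle.getPrice();
        require(ref > 0, "INVLDREF");

        // A feed pinned at minAnswer/maxAnswer drifts away from the reference
        // price; revert so the caller skips this weight update.
        uint256 diff = uint256(data > ref ? data - ref : ref - data);
        if (diff * 10_000 > uint256(ref) * maxDeviationBps) {
            revert PriceDeviation(data, ref);
        }
        // Make the narrowing cast explicit instead of silently truncating.
        require(data <= type(int216).max, "OVERFLOW");
        return (int216(data), uint40(timestamp));
    }
}
```

Reverting leaves the pause-or-fallback decision to the caller; a variant that returns the fallback price instead would replace the revert with a return of `ref`.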

Updates

Lead Judging Commences

n0kto Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Known issue
Assigned finding tags:

invalid_chainlink_min_max_no_check

LightChaser: ## [Low-25] Chainlink answer is not compared against min/max values
