Unhandled chainlink revert would lock all price oracle access
Call to latestRoundData could potentially revert and make it impossible to query any prices.
Chainlink’s multisigs can immediately block access to price feeds at will. Therefore, to prevent denial of service scenarios, it is recommended to query Chainlink price feeds using a defensive approach with Solidity’s try/catch structure. In this way, if the call to the price feed fails, the caller contract is still in control and can handle any errors safely and explicitly.
Reference Article:
https://medium.com/cyfrin/chainlink-oracle-defi-attacks-93b6cb6541bf
Code:
In UpdatedWeightRunner::_getData there are calls that request oracle data using priceFeed.latestRoundData() which is a revert-able function. So if this were to revert, even though there are multiple fallback oracles available in the for loop surrounding it, it wouldn’t matter because the whole transaction would revert.
Recommended Mitigation:
Surround the above calls with try/catch instead of calling it directly. In a scenario where the call reverts, the catch block can be used to call the fallback oracles.
Lead Judging Commences
finding_no_try_catch_for_Chainlink_oracle
Likelihood: Low, price feed should revert. Impact: High, DoS of the protocol
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.