The reliance on a single price oracle in the LendingPool.sol contract is a vulnerability in itself. If the oracle returns a price of 0, it will cause the contract to revert, leading to a Denial of Service (DoS) for the entire protocol.
The contract depends on a single oracle to fetch asset prices. If the oracle returns a price of 0, any transaction that relies on this price will revert. This is because the contract has a check to prevent operations with a zero price, which is a common safeguard. However, this safeguard inadvertently causes the entire protocol to become unusable if the oracle fails or returns an incorrect price.
The protocol can experience a complete halt in operations for a long time if the oracle returns a price of 0 due to a temporary outage. Users would be unable to perform any lending or borrowing operations, leading to significant losses and a loss of trust in the protocol.
Manual Review
Implement a fallback mechanism to use multiple oracles.
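One way to structure the fallback recommended above, as an added sketch that is not code from the audited project. The `IPriceOracle` interface, `getAssetPrice`, and the `FallbackPriceOracle` contract are hypothetical names, since the finding does not show the oracle interface that LendingPool.sol actually uses.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical oracle interface (assumption: the real one is not shown in the finding).
interface IPriceOracle {
    function getAssetPrice(address asset) external view returns (uint256);
}

/// Wraps two independent oracles behind the same interface. The pool keeps its
/// zero-price check; this wrapper only reverts when BOTH sources are unusable.
contract FallbackPriceOracle is IPriceOracle {
    IPriceOracle public immutable primary;
    IPriceOracle public immutable secondary;

    error NoValidPrice(address asset);

    constructor(IPriceOracle primary_, IPriceOracle secondary_) {
        primary = primary_;
        secondary = secondary_;
    }

    function getAssetPrice(address asset) external view override returns (uint256) {
        (bool ok, uint256 price) = _tryPrice(primary, asset);
        if (ok) return price;

        // Primary reverted or returned 0: consult the second source.
        (ok, price) = _tryPrice(secondary, asset);
        if (ok) return price;

        revert NoValidPrice(asset);
    }

    // A revert inside the oracle and a zero price are both treated as "no answer",
    // so a single failing feed no longer propagates a revert to every caller.
    function _tryPrice(IPriceOracle oracle, address asset)
        private
        view
        returns (bool, uint256)
    {
        try oracle.getAssetPrice(asset) returns (uint256 p) {
            return (p != 0, p);
        } catch {
            return (false, 0);
        }
    }
}
```

The pool would be pointed at this wrapper instead of a single feed. Note that `try`/`catch` does not catch a call to an address with no deployed code, so both oracle addresses should be validated at deployment.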