StrataxOracle.sol grants the contract owner full control over changing the price feed for any token; the owner can replace a feed without any additional checks or safeguards.
This introduces a centralization risk: a single owner key can alter critical pricing data, so a compromised or misused owner private key translates directly into the ability to manipulate prices.
Likelihood:
This occurs whenever the owner changes a token's price feed, which requires no oversight or multi-signature approval.
The risk is realised whenever the owner's private key is compromised or misused.
Impact:
Price manipulation: A malicious owner can point a token at a feed that benefits them, potentially leading to over-borrowing or incorrect collateral valuations.
Systemic financial risk: A manipulated price feed can trigger incorrect liquidations, financial losses, or theft of funds.
Example of how this can be exploited:
The owner changes the price feed to a malicious address that provides inflated prices.
A malicious user borrows funds based on the manipulated price, gaining an unfair advantage.
The contract continues to use the manipulated price feed, leading to system exploitation and fund drain.
Implement Multi-Signature for Price Feed Modifications:
Route every price feed change through a multi-signature wallet or governance model so that no single person can change a feed without oversight.
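To make the recommendation concrete, the following is an added illustration and not StrataxOracle's own code. It contrasts the unsafe pattern described above (a setter guarded only by `onlyOwner`) with a hardened setter in which the owner is assumed to be a multisig or governance contract, every change is queued behind a timelock (a hypothetical two-day delay), the candidate feed is sanity-checked against a Chainlink-style `latestRoundData()` interface before it can be queued or activated, and every step emits an event so off-chain monitoring can alert on a queued change long before it takes effect. Contract and function names, the delay, and the staleness bound are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal Chainlink-style aggregator interface (assumed shape, mirrors AggregatorV3Interface).
interface IAggregatorV3 {
    function decimals() external view returns (uint8);
    function latestRoundData()
        external
        view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

/// Unsafe pattern (hypothetical): one key, no delay, no validation, change is immediate.
contract UnsafeOracle {
    address public owner = msg.sender;
    mapping(address => address) public priceFeed;

    function setPriceFeed(address token, address feed) external {
        require(msg.sender == owner, "not owner");
        priceFeed[token] = feed; // any address accepted, effective in this same block
    }
}

/// Hardened pattern (hypothetical): `owner` is expected to be a multisig or governance contract.
contract TimelockedOracle {
    address public immutable owner;
    uint256 public constant FEED_CHANGE_DELAY = 2 days;  // assumed delay
    uint256 public constant MAX_STALENESS = 1 hours;     // assumed freshness bound

    struct PendingFeed { address feed; uint256 executeAfter; }

    mapping(address => address) public priceFeed;       // token => active feed
    mapping(address => PendingFeed) public pendingFeed; // token => queued change

    // Events give monitoring a signal while the timelock is still running.
    event FeedChangeQueued(address indexed token, address indexed newFeed, uint256 executeAfter);
    event FeedChangeCancelled(address indexed token, address indexed newFeed);
    event FeedChanged(address indexed token, address indexed oldFeed, address indexed newFeed);

    error NotOwner();
    error NothingQueued();
    error TimelockActive(uint256 executeAfter);
    error BadFeed(string reason);

    modifier onlyOwner() { if (msg.sender != owner) revert NotOwner(); _; }

    constructor(address multisigOwner) { owner = multisigOwner; }

    /// Reject feeds that are not contracts, report a non-positive or stale price,
    /// or change the decimal scale relative to the feed currently in use.
    function _validateFeed(address token, address newFeed) internal view {
        if (newFeed.code.length == 0) revert BadFeed("not a contract");
        (, int256 answer, , uint256 updatedAt, ) = IAggregatorV3(newFeed).latestRoundData();
        if (answer <= 0) revert BadFeed("non-positive price");
        if (updatedAt + MAX_STALENESS < block.timestamp) revert BadFeed("stale price");
        address current = priceFeed[token];
        if (current != address(0) &&
            IAggregatorV3(current).decimals() != IAggregatorV3(newFeed).decimals()) {
            revert BadFeed("decimals mismatch");
        }
    }

    /// Step 1: queue the change. Validation runs here so an obviously bad feed cannot even be queued.
    function queueFeedChange(address token, address newFeed) external onlyOwner {
        _validateFeed(token, newFeed);
        uint256 executeAfter = block.timestamp + FEED_CHANGE_DELAY;
        pendingFeed[token] = PendingFeed(newFeed, executeAfter);
        emit FeedChangeQueued(token, newFeed, executeAfter);
    }

    /// Lets the multisig back out of a queued change that monitoring flagged during the delay.
    function cancelFeedChange(address token) external onlyOwner {
        PendingFeed memory p = pendingFeed[token];
        if (p.feed == address(0)) revert NothingQueued();
        delete pendingFeed[token];
        emit FeedChangeCancelled(token, p.feed);
    }

    /// Step 2: activate after the delay. Re-validated, since the feed may have broken while queued.
    function executeFeedChange(address token) external onlyOwner {
        PendingFeed memory p = pendingFeed[token];
        if (p.feed == address(0)) revert NothingQueued();
        if (block.timestamp < p.executeAfter) revert TimelockActive(p.executeAfter);
        _validateFeed(token, p.feed);
        address old = priceFeed[token];
        priceFeed[token] = p.feed;
        delete pendingFeed[token];
        emit FeedChanged(token, old, p.feed);
    }
}
```

The timelock is what turns a compromised key from an instant loss into a detectable event: a `FeedChangeQueued` emitted by an unexpected signer, or pointing at an unfamiliar address, can be caught and cancelled by the remaining multisig signers before it takes effect. The feed validation does not replace governance review, but it closes the simplest failure mode in which an arbitrary, non-feed address is installed.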