Summary:

The _get_token_amount_from_usd function in the dsc_engine contract is vulnerable to price oracle manipulation. The function directly retrieves the latest price from a single oracle feed without using Time-Weighted Average Price (TWAP) or similar protection mechanisms, making the contract susceptible to price manipulation attacks. This vulnerability can lead to mispricing of assets, destabilizing the protocol and allowing attackers to exploit the system.

Line#346-364

Vulnerability Details:

• Function: _get_token_amount_from_usd(token, usd_amount_in_wei)

• Issue:

  • The function directly uses the latest price from a single oracle feed for token conversion without verifying if the price has been manipulated or if the data is stale.

  • There is no protection against sudden price fluctuations, making the system vulnerable to flash price manipulation attacks.

Impact:

• An attacker could manipulate the price feed, causing incorrect token amounts to be returned.

• This could lead to malicious users minting or redeeming tokens at manipulated rates, destabilizing the system, causing financial losses, and potentially draining collateral.

Tools Used: Manual code review

Recommendations:

• Implement TWAP:
  Use a Time-Weighted Average Price to fetch prices over a period of time, reducing the effect of sudden price swings or manipulation.

  • Example:
    Chainlink's TWAP feature or custom averaging methods can be used to calculate more reliable price feeds.

• Multiple Oracle Feeds:
  Aggregate prices from multiple oracles to avoid reliance on a single source of truth, ensuring more accurate and tamper-resistant pricing.

• Stale Price Checks:
  Implement mechanisms to verify the freshness and accuracy of the price feed. If the feed is stale or outdated, revert the operation or use fallback price sources.

• Oracle Data Integrity:
  Ensure the oracle data is validated and not susceptible to manipulation by incorporating anti-manipulation measures or oracle reputation systems.