Chainlink Oracle will return the wrong price for asset if underlying aggregator hits minAnswer. #648
Labels
bug (Something isn't working)
downgraded by judge (Judge downgraded the risk level of this issue)
duplicate-490
edited-by-warden
grade-c
QA (Quality Assurance): Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
unsatisfactory: does not satisfy C4 submission criteria; not eligible for awards
Lines of code
https://github.com/code-423n4/2023-06-lybra/blob/7b73ef2fbb542b569e182d9abf79be643ca883ee/contracts/lybra/miner/EUSDMiningIncentives.sol#L151-L152
https://github.com/code-423n4/2023-06-lybra/blob/7b73ef2fbb542b569e182d9abf79be643ca883ee/contracts/lybra/miner/EUSDMiningIncentives.sol#L212
Vulnerability details
Description
Chainlink aggregators have a built-in circuit breaker: if the price of an asset moves outside a predetermined price band, the aggregator reports the band edge rather than the real price. The result is that if an asset experiences a huge drop in value (e.g. the LUNA crash), the oracle will continue to return the minPrice (the aggregator's minAnswer) instead of the actual price of the asset. This would allow a user to continue earning rewards, but at the wrong asset price. This is exactly what happened to Venus on BSC when LUNA imploded.
Impact
In the event that an asset crashes (e.g. LUNA), the protocol can be manipulated to give out rewards at an inflated price.
Proof of Concept
Tools Used
Manual Review
Recommended Mitigation Steps
Check the returned answer against the aggregator's minPrice/maxPrice (minAnswer/maxAnswer) and reject prices that sit at either bound.
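The following is an added illustration of the failure mode in the Description and of the mitigation above; it is not code from the Lybra repository or from this submission. It assumes the standard Chainlink proxy layout (AggregatorV3Interface on the proxy, aggregator() on the proxy returning the underlying aggregator, and minAnswer()/maxAnswer() on that aggregator); the BandCheckedPriceFeed contract and its function names are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Minimal subset of the real Chainlink interfaces used below.
interface AggregatorV3Interface {
    function latestRoundData()
        external
        view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

// The Chainlink proxy exposes the address of the aggregator it currently points at.
interface IAggregatorProxy {
    function aggregator() external view returns (address);
}

// The underlying aggregator exposes the configured price band.
interface IOffchainAggregator {
    function minAnswer() external view returns (int192);
    function maxAnswer() external view returns (int192);
}

/// @notice Hypothetical wrapper (not part of Lybra) showing the unchecked and the band-checked read side by side.
contract BandCheckedPriceFeed {
    AggregatorV3Interface public immutable feed;

    error NonPositiveAnswer(int256 answer);
    error AnswerOutOfBand(int256 answer, int192 minAnswer, int192 maxAnswer);

    constructor(AggregatorV3Interface _feed) {
        feed = _feed;
    }

    /// @dev Vulnerable pattern: trusts whatever the proxy returns. During a crash below the
    ///      band this keeps returning minAnswer, so rewards are priced far above market.
    function priceUnchecked() external view returns (uint256) {
        (, int256 answer,,,) = feed.latestRoundData();
        return uint256(answer);
    }

    /// @dev Hardened pattern: read minAnswer/maxAnswer from the underlying aggregator and
    ///      revert if the answer sits on (or beyond) either bound, i.e. if the circuit
    ///      breaker has clipped the reported price.
    function priceChecked() external view returns (uint256) {
        (, int256 answer,,,) = feed.latestRoundData();
        if (answer <= 0) revert NonPositiveAnswer(answer);

        IOffchainAggregator agg =
            IOffchainAggregator(IAggregatorProxy(address(feed)).aggregator());
        int192 minAnswer = agg.minAnswer();
        int192 maxAnswer = agg.maxAnswer();

        // Non-strict comparisons: an answer exactly equal to a bound is what a clipped feed reports.
        if (answer <= minAnswer || answer >= maxAnswer) {
            revert AnswerOutOfBand(answer, minAnswer, maxAnswer);
        }
        return uint256(answer);
    }
}
```

Reverting is the conservative choice for a reward calculation: paying nothing until the feed is sane is cheaper than paying at a stale floor. Note that some feeds set minAnswer to 1 and maxAnswer to the int192 maximum, in which case the check is effectively a no-op, so the band of each feed the protocol consumes should be confirmed on-chain rather than assumed.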
Assessed type
Oracle