On the constructor it's defined the priceFeedAddresses and these oracle addresses are defined forever not considering the address oracle might stop working or have any other problem and there is currently no way to change that address.
Vulnerability Details
Oracles are classified by Verified Feeds, Monitored Feeds, Deprecating and so on.. if the dev implements an oracle and it for some reason stops providing the data there is currently no way to change that oracle address. This is also very useful for future devs forking this protocol and implementing deprecating oracles without even knowing, if for some reason it stops working they can't change the token oracle address.
Impact
Potential disruption of service due to unchangeable, non-functioning oracle addresses.
Tools Used
Manual review
Recommendations
Implement a function to update oracle addresses as needed.
Unchangeable Oracle Address Problem
Severity
Medium Risk
Relevant GitHub Links
https://github.com/Cyfrin/2023-07-foundry-defi-stablecoin/blob/main/src/DSCEngine.sol#L112-L123
Summary
On the constructor it's defined the
priceFeedAddressesand these oracle addresses are defined forever not considering the address oracle might stop working or have any other problem and there is currently no way to change that address.Vulnerability Details
Oracles are classified by
Verified Feeds, Monitored Feeds, Deprecating and so on..if the dev implements an oracle and it for some reason stops providing the data there is currently no way to change that oracle address. This is also very useful for future devs forking this protocol and implementing deprecating oracles without even knowing, if for some reason it stops working they can't change the token oracle address.Impact
Potential disruption of service due to unchangeable, non-functioning oracle addresses.
Tools Used
Manual review
Recommendations
Implement a function to update oracle addresses as needed.