Open code423n4 opened 11 months ago
0xSorryNotSorry marked the issue as primary issue
tx fails anyway if price is invalid, either by comptroller returning or oracle reverting. doesn't matter either way how it goes down because once a failure happens, no state changes will be made.
ElliotFriedman marked the issue as sponsor disputed
Valid QA, recommend to use consistent errors throughout codebase.
alcueca changed the severity to QA (Quality Assurance)
alcueca marked the issue as grade-a
Lines of code
https://github.com/code-423n4/2023-07-moonwell/blob/main/src/core/Oracles/ChainlinkOracle.sol#L102-L103
Vulnerability details
Impact
The Comptroller expects that on any error getUnderlyingPrice will return 0, but it can revert instead.
Proof of Concept
Based on this
The Comptroller is expecting oracle.getUnderlyingPrice to return 0 for errors (Compound style returns, no revert).
However, the current implementation will revert when errored: getUnderlyingPrice -> getChainlinkPrice. This getChainlinkPrice contains two require statements, which open for a revert.
Reference: https://github.com/code-423n4/2022-09-canto-findings/issues/93
Tools Used
Manual analysis
Recommended Mitigation Steps
Instead of reverting, return 0.
Assessed type
Error
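The mismatch described in the finding, shown as an added example that is not Moonwell's code: a hypothetical oracle whose validity checks are require statements (so a bad feed reading reverts), the same oracle rewritten to return 0 on failure in the Compound style, and a hypothetical Comptroller-like consumer whose price == 0 error branch is only reachable when the oracle returns rather than reverts. Contract names, the feeds mapping, and the Error enum are assumptions for illustration; the feed interface matches Chainlink's AggregatorV3Interface.latestRoundData signature.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Subset of Chainlink's AggregatorV3Interface (real signature).
interface AggregatorV3Interface {
    function latestRoundData()
        external
        view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

interface PriceOracle {
    function getUnderlyingPrice(address mToken) external view returns (uint256);
}

// Hypothetical "before": validity is enforced with require(), so an unset feed or a
// non-positive answer reverts the whole call and never reaches the caller's 0-check.
contract RevertingOracle is PriceOracle {
    mapping(address => AggregatorV3Interface) public feeds; // mToken => feed (assumed layout)

    function getUnderlyingPrice(address mToken) external view override returns (uint256) {
        AggregatorV3Interface feed = feeds[mToken];
        require(address(feed) != address(0), "no feed configured");
        (, int256 answer, , , ) = feed.latestRoundData();
        require(answer > 0, "invalid chainlink price");
        return uint256(answer);
    }
}

// Hypothetical "after": the same conditions, but each failure yields 0 (Compound-style
// error signalling) so the consumer's existing error path is the one that runs.
contract ReturningOracle is PriceOracle {
    mapping(address => AggregatorV3Interface) public feeds;

    function getUnderlyingPrice(address mToken) external view override returns (uint256) {
        AggregatorV3Interface feed = feeds[mToken];
        if (address(feed) == address(0)) return 0;
        (, int256 answer, , , ) = feed.latestRoundData();
        if (answer <= 0) return 0;
        return uint256(answer);
    }
}

// Hypothetical consumer with Compound-style error codes. The PRICE_ERROR branch is only
// reachable when the oracle returns 0; with RevertingOracle the revert bubbles up first.
contract ComptrollerLike {
    enum Error { NO_ERROR, PRICE_ERROR }

    PriceOracle public oracle;

    constructor(PriceOracle _oracle) {
        oracle = _oracle;
    }

    // Expects the oracle contract to follow the return-0-on-error convention.
    function priceError(address mToken) external view returns (Error) {
        uint256 price = oracle.getUnderlyingPrice(mToken);
        if (price == 0) return Error.PRICE_ERROR;
        return Error.NO_ERROR;
    }

    // Defensive variant: tolerate either convention by mapping a revert from the
    // external oracle call onto the same error code as a 0 return.
    function priceErrorTolerant(address mToken) external view returns (Error) {
        try oracle.getUnderlyingPrice(mToken) returns (uint256 price) {
            if (price == 0) return Error.PRICE_ERROR;
            return Error.NO_ERROR;
        } catch {
            return Error.PRICE_ERROR;
        }
    }
}
```

The two oracle contracts differ only in how a failed check is surfaced, which is the consistency point the judge's comment raises: whichever convention the codebase settles on, every caller that tests for price == 0 should be paired with an oracle that actually produces 0 on error, or the caller should use try/catch as in priceErrorTolerant.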