search

code-423n4 / 2023-08-goodentry-findings

3 stars 2 forks source link

Unhandled chainlink revert would lock price oracle access #436

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-08-goodentry/blob/71c0c0eca8af957202ccdbf5ce2f2a514ffe2e24/contracts/helper/LPOracle.sol#L62

Vulnerability details

Impact

Call to latestRoundData() could potentially revert and make it impossible to query any prices. This could lead to permanent denial of service.

Vulnerability Details

In LPOracle.sol, getAnswer()

File: contracts/helper/LPOracle.sol

  function getAnswer(AggregatorV3Interface priceFeed) internal view returns (int256) {
    (
      , 
      int price,
      ,
      uint timeStamp,
>>    ) = priceFeed.latestRoundData();
    require(timeStamp > 0, "Round not complete");
    return price;
  }

The above functions makes use of Chainlink's latestRoundData() to get the latest price. However, there is no fallback logic to be executed when the access to the Chainlink data feed is denied by Chainlink's multisigs. Chainlink's multisigs can immediately block access to price feeds at will. Therefore, to prevent denial of service scenarios, it is recommended to query Chainlink price feeds using a defensive approach with Solidity’s try/catch structure. In this way, if the call to the price feed fails, the caller contract is still in control and can handle any errors safely and explicitly.

Referring chainlink documentation on how chainlink services are updated. Please note chainlink multisig holds the power of Chainlink’s multisigs can immediately block access to price feeds at will. It should not be taken in wrong way for chainlink though i like chainlink and its products and have respect for them. But this finding is highlighting the possible issue which can happen.

On-chain updates take place at the smart contract level, where a multi-signature safe (multisig) is used to modify on-chain parameters relating to a Chainlink service. This can include replacing faulty nodes on a specific oracle network, introducing new features such as Off-Chain Reporting, or resolving a smart contract logic error.

Reference link: https://chain.link/faqs#how-are-chainlink-services-updated

cryptonews article explaining issue with chainlink multisig Reference link: https://cryptonews.net/news/defi/20502745/

Reference:

1) Refer to https://blog.openzeppelin.com/secure-smart-contract-guidelines-the-dangers-of-price-oracles/ for more information regarding potential risks to account for when relying on external price feed providers.

2) This is similar Medium severity finding found in juicebox audit at code4rena. Reference link:- https://solodit.xyz/issues/m-09-unhandled-chainlink-revert-would-lock-all-price-oracle-access-code4rena-juicebox-juicebox-v2-contest-git

Proof of Concept

https://github.com/code-423n4/2023-08-goodentry/blob/71c0c0eca8af957202ccdbf5ce2f2a514ffe2e24/contracts/helper/LPOracle.sol#L62

Tools Used

Manual Review

Recommended Mitigation Steps

Surround the call to latestRoundData() with try/catch instead of calling it directly. In a scenario where the call reverts, the catch block can be used to call a fallback oracle or handle the error in any other suitable way.

Assessed type

Oracle

c4-pre-sort commented 1 year ago

141345 marked the issue as duplicate of #10

c4-judge commented 1 year ago

gzeon-c4 marked the issue as unsatisfactory: Out of scope