code-423n4 / 2024-02-wise-lending-findings


Usage of deprecated `minAnswer()` and `maxAnswer()` Chainlink Aggregator functions #126

Closed c4-bot-7 closed 5 months ago

c4-bot-7 commented 6 months ago

Lines of code

https://github.com/code-423n4/2024-02-wise-lending/blob/main/contracts/WiseOracleHub/OracleHelper.sol#L87-L100

Vulnerability details

Impact

OracleHelper::_compareMinMax() uses deprecated Chainlink aggregator methods. Using deprecated functions could lead to unpredictable results. Those will also not be available on newer feeds.

Proof of Concept

OracleHelper::_compareMinMax() uses the minAnswer() and maxAnswer() methods from Chainlink's AggregatorV3 as a circuit breaker to detect if the oracle has died or the market has experienced a crash.

function _compareMinMax(
    IAggregator _tokenAggregator,
    int192 _answer
)
    internal
    view
{
    // Bounds read from the aggregator itself (legacy getters).
    int192 maxAnswer = _tokenAggregator.maxAnswer();
    int192 minAnswer = _tokenAggregator.minAnswer();

    // Treat any answer outside the aggregator's own range as a dead oracle.
    if (_answer > maxAnswer || _answer < minAnswer) {
        revert OracleIsDead();
    }
}

Those methods have now been deprecated and Chainlink has different recommendations for mitigating these risks.

This eventually affects WiseOracleHub's getTokensFromETH(), getTokensInETH(), getTokensInUSD(), and getTokensFromUSD() methods.

Tools Used

Manual Review

Recommended Mitigation Steps

Read Chainlink's official mitigation guidelines for this issue: https://docs.chain.link/data-feeds/selecting-data-feeds#risk-mitigation

Assessed type

Oracle
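A defensive reading pattern that does not depend on the aggregator's own bounds, added here as an illustration (it is neither Wise Lending's code nor the reporter's): protocol-configured price bounds and a heartbeat check come first, and the legacy `minAnswer()`/`maxAnswer()` getters are consulted only opportunistically. The interface, struct, mapping and error names are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Assumed aggregator interface: AggregatorV3's latestRoundData() plus the
// legacy minAnswer()/maxAnswer() getters that a feed may or may not expose.
interface IAggregatorWithBounds {
    function latestRoundData()
        external view
        returns (uint80 roundId, int256 answer, uint256 startedAt,
                 uint256 updatedAt, uint80 answeredInRound);
    function minAnswer() external view returns (int192);
    function maxAnswer() external view returns (int192);
}

contract BoundedOracleReader {
    error OracleIsDead();
    error StalePrice(uint256 updatedAt);

    // Per-feed sanity bounds and heartbeat owned by the protocol (assumed to be
    // set by governance); they do not rely on anything the aggregator reports.
    struct FeedConfig { int256 minPrice; int256 maxPrice; uint256 heartbeat; }
    mapping(address => FeedConfig) public feedConfig;

    function _checkedAnswer(IAggregatorWithBounds feed) internal view returns (int256) {
        (, int256 answer, , uint256 updatedAt, ) = feed.latestRoundData();
        FeedConfig memory cfg = feedConfig[address(feed)];

        // 1. Staleness: a feed whose transmissions are being rejected stops
        //    updating, so an old updatedAt is itself a circuit-breaker signal.
        if (block.timestamp - updatedAt > cfg.heartbeat) revert StalePrice(updatedAt);

        // 2. Protocol-owned bounds, checked inclusively at the edges.
        if (answer <= cfg.minPrice || answer >= cfg.maxPrice) revert OracleIsDead();

        // 3. Legacy aggregator bounds, best effort: compare at the edge (<=, >=),
        //    since a feed never reports a value strictly outside its own range.
        //    If the getter reverts on this feed, fall through instead of
        //    bricking every price read.
        try feed.minAnswer() returns (int192 minAns) {
            if (answer <= int256(minAns)) revert OracleIsDead();
        } catch {}
        try feed.maxAnswer() returns (int192 maxAns) {
            if (answer >= int256(maxAns)) revert OracleIsDead();
        } catch {}

        return answer;
    }
}
```

Note that `try`/`catch` only catches a revert in the callee; a contract that answers an unknown selector with empty return data still reverts during ABI decoding, so the opportunistic step should be verified against each feed's actual implementation before relying on it.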

GalloDaSballo commented 6 months ago

Max impact would be QA, but this simply seems invalid and unbacked

c4-pre-sort commented 6 months ago

GalloDaSballo marked the issue as insufficient quality report

c4-pre-sort commented 6 months ago

GalloDaSballo marked the issue as primary issue

c4-judge commented 5 months ago

trust1995 marked the issue as unsatisfactory: Out of scope