The RenzoOracleL2.sol contract's getMintRate function does not have any explicit error handling for potential Chainlink oracle reverts. If the Chainlink oracle encounters an issue and reverts the price feed request, the getMintRate function will also revert, potentially leading to a Denial-of-Service (DoS) scenario.
The absence of error handling could cause the entire price feed mechanism to become unavailable, preventing users from minting or managing their xezETH tokens. This could effectively shut down the protocol's functionality, as the price feed is a critical component for the minting and bridging of assets. Users may be unable to access their funds or participate in the protocol's activities, leading to significant disruption and potential financial losses.
Proof of Concept
A user attempts to mint xezETH tokens by calling the deposit function in the xRenzoDeposit.sol contract.
The xRenzoDeposit.sol contract calls the getMintRate function in the RenzoOracleL2.sol contract to fetch the current price of ezETH.
The Chainlink oracle experiences an issue and reverts the price feed request.
The getMintRate function in the RenzoOracleL2.sol contract also reverts, causing the entire minting process to fail.
Users are unable to mint or manage their xezETH tokens, effectively shutting down the protocol's functionality.
Tools Used
Manual Review
Recommended Mitigation Steps
Implement robust error handling in the RenzoOracleL2.sol contract to gracefully handle oracle reverts and other potential failures.
Implement try/catch blocks around oracle calls and have alternative strategies ready.
Consider using multiple price feed sources and implementing fallback mechanisms to ensure the price feed remains available even if one source encounters issues.
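As an added illustration of the try/catch-plus-fallback mitigation described above (example code written for this note, not the project's RenzoOracleL2.sol; the contract name, the secondary feed and the staleness threshold are assumptions), the unguarded read is shown next to a guarded one:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal subset of Chainlink's AggregatorV3Interface (the real one ships in @chainlink/contracts).
interface AggregatorV3Interface {
    function latestRoundData()
        external
        view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

/// @notice Hypothetical oracle wrapper; illustrates the mitigation, not the audited contract.
contract ResilientMintRateOracle {
    AggregatorV3Interface public immutable primaryFeed;
    AggregatorV3Interface public immutable fallbackFeed;
    uint256 public constant MAX_STALENESS = 1 days; // assumption: tune to the feed's heartbeat

    error NoValidPrice();

    constructor(AggregatorV3Interface _primary, AggregatorV3Interface _fallback) {
        // A feed address with no code fails ABI decoding outside any try/catch, so validate here.
        require(address(_primary).code.length > 0 && address(_fallback).code.length > 0, "feed has no code");
        primaryFeed = _primary;
        fallbackFeed = _fallback;
    }

    /// Unguarded shape: any revert inside the feed propagates to every caller (the DoS described above).
    function getMintRateUnguarded() external view returns (uint256) {
        (, int256 answer, , , ) = primaryFeed.latestRoundData();
        return uint256(answer);
    }

    /// Guarded: the external call is isolated; a reverting, stale or non-positive primary answer
    /// falls through to the secondary feed, and the function reverts only when both are unusable.
    function getMintRate() external view returns (uint256) {
        (bool ok, uint256 rate) = _tryRead(primaryFeed);
        if (ok) return rate;
        (ok, rate) = _tryRead(fallbackFeed);
        if (ok) return rate;
        revert NoValidPrice();
    }

    function _tryRead(AggregatorV3Interface feed) internal view returns (bool, uint256) {
        try feed.latestRoundData() returns (uint80, int256 answer, uint256, uint256 updatedAt, uint80) {
            // A call that returns is not automatically usable: reject non-positive, future-dated or stale data.
            // The updatedAt > block.timestamp check also prevents an underflow revert inside this block,
            // which try/catch would NOT catch (it only covers the external call itself).
            if (answer <= 0 || updatedAt > block.timestamp || block.timestamp - updatedAt > MAX_STALENESS) {
                return (false, 0);
            }
            return (true, uint256(answer));
        } catch {
            return (false, 0);
        }
    }
}
```

Note that both feeds are assumed to report with the same decimals; a production version would normalise them before comparing or returning.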
Lines of code
https://github.com/code-423n4/2024-04-renzo/blob/main/contracts/Bridge/L2/Oracle/RenzoOracleL2.sol?plain=1#L50-L58
Assessed type
DoS