Lines of code
https://github.com/code-423n4/2024-05-predy/blob/a9246db5f874a91fb71c296aac6a66902289306a/src/PriceFeed.sol#L45
Vulnerability details
Impact
The PriceFeed contract leverages Chainlink and Pyth oracles to determine the price of assets. The getSqrtPrice function fetches data from Chainlink without validating whether the price falls within a predefined acceptable range. This oversight can lead to distorted prices being used in financial calculations, especially during extreme market conditions or oracle malfunctions.
Proof of Concept
The PriceFeed contract employs AggregatorV3Interface to fetch the price of quote tokens. The function does not check these prices against any minPrice or maxPrice limits, unlike some other oracle integrations, which have built-in circuit breakers to handle such scenarios.
Tools Used
Manual
Recommended Mitigation Steps
Implement minPrice/maxPrice validation within the getSqrtPrice function to ensure price integrity. Here is a recommended code snippet to add:
Assessed type
Oracle
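The mitigation snippet referenced under Recommended Mitigation Steps is not reproduced on this page. The following is an added illustration, not the reporter's snippet or Predy's PriceFeed code, of a Chainlink read guarded by the minPrice/maxPrice bounds the finding asks for; the contract name, the `quotePriceFeed` variable and the constructor arguments are assumptions chosen for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Minimal subset of Chainlink's AggregatorV3Interface needed for this example.
interface AggregatorV3Interface {
    function decimals() external view returns (uint8);
    function latestRoundData()
        external
        view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

/// Added illustration (not Predy's PriceFeed): a Chainlink read that refuses
/// any answer outside a configured [minPrice, maxPrice] window, so downstream
/// sqrt-price math never consumes a distorted feed value.
contract BoundedChainlinkReader {
    error InvalidBounds(int256 minPrice, int256 maxPrice);
    error PriceOutOfBounds(int256 answer, int256 minPrice, int256 maxPrice);

    AggregatorV3Interface public immutable quotePriceFeed; // assumed name
    int256 public immutable minPrice; // lowest accepted answer, in feed decimals
    int256 public immutable maxPrice; // highest accepted answer, in feed decimals

    constructor(address feed, int256 minPrice_, int256 maxPrice_) {
        // Bounds must be positive and ordered; a zero/negative floor would
        // still let a broken feed return a non-positive price.
        if (minPrice_ <= 0 || maxPrice_ <= minPrice_) {
            revert InvalidBounds(minPrice_, maxPrice_);
        }
        quotePriceFeed = AggregatorV3Interface(feed);
        minPrice = minPrice_;
        maxPrice = maxPrice_;
    }

    /// Returns the latest Chainlink answer only if it lies inside
    /// [minPrice, maxPrice]; reverts otherwise (the circuit-breaker behaviour).
    function getBoundedPrice() public view returns (int256 answer) {
        (, answer, , , ) = quotePriceFeed.latestRoundData();
        if (answer < minPrice || answer > maxPrice) {
            revert PriceOutOfBounds(answer, minPrice, maxPrice);
        }
    }
}
```

In a PriceFeed-style contract the same check would sit in getSqrtPrice immediately after the latestRoundData call, before the answer is scaled or square-rooted.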