shalbe-cvg
commented
1 year ago Hello, Thanks a lot for your attention.
This issue has already been reported in a previous issue, please check it: https://github.com/hats-finance/Convergence-Finance---IBO-0x0e410e7af8e70fc5bffcdbfbdf1673ee7b3d0777/issues/5
We have so to consider this issue as Invalid.
Github username: @Madalad Submission hash (on-chain): 0xac1fd20ce13bce9ab93e8d4bc2fa6ba45b30566ca817b062d54feab26d7ffe98 Severity: medium
Description: Description\ Chainlink aggregators have a built in circuit breaker if the price of an asset goes outside of a predetermined price band. The result is that if an asset experiences a huge drop in value (i.e. LUNA crash) the price of the oracle will continue to return the
minAnswerinstead of the actual price of the asset. See Chainlink's docs for more info.Chainlink's
latestRoundDatapulls the associated aggregator and requests round data from it. ChainlinkAggregators haveminAnswerandmaxAnswercircuit breakers built into them. This means that if the price of the asset drops below theminAnswer, the protocol will continue to value the token atminAnswerinstead of it's actual value. This will allow users to exploit certain parts of the protocol.Attack Scenario\ This discrepency could cause major issues within the protocol and potentially lead to loss of funds. This is exactly what happened to Venus on BSC when LUNA imploded.
Attachments
Find attached a revised code file for CvgOracle.sol that implements a check on the returned
chainlinkPricevalue and requires that it is within the bounds ofminAnswerandmaxAnswer. The retrieval of the bounds is included within the function that retreives the price for clarity (using two new interfaces defined at the top of the file), however it is advised to fetch and cache these values at deployment in order to save runtime gas.Files: