Open hats-bug-reporter[bot] opened 1 week ago
DUPLICATE #2
We are aware of the dependency on Chainlink. We decided not to implement a secondary oracle to cross-check the values because the price oracle is only being used for calculating the performance fee.
This is out of scope, it was already pointed out by the auditors.
Github username: -- Twitter username: -- Submission hash (on-chain): 0xdb1d03b9e1c9425e6fa34585398ac2572f3b0d2cddfac1e0788d1a366ed32a42 Severity: medium
Description:
The `PriceOracle::_latestRoundData` function in the PriceFeed contract is vulnerable to returning incorrect prices if the Chainlink oracle's circuit breaker mechanism is triggered. This can lead to users trading the market against assets at incorrect prices, potentially causing significant financial losses and instability in the protocol. This scenario occurred on Venus on the Binance Smart Chain (BSC) during the collapse of LUNA.

When using `latestRoundData()`, if the price of an asset deviates significantly from a predefined price range, Chainlink aggregators activate a circuit breaker mechanism. This mechanism causes the oracle to consistently return the minimum price instead of the actual price of the asset. Consequently, users can continue to trade the asset, but at an incorrect price.
For instance, consider TokenA with a minPrice set at $1. If the price of TokenA drops to $0.10, the aggregator still reports $1. This scenario enables users to trade significant amounts of tokens, potentially leading to bankruptcy for the protocol.
Chainlink oracle should check the returned answer against the minPrice/maxPrice and revert if the answer is outside of the bounds:
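The bounds check the report recommends, written as an added example (not the PriceFeed contract from the submission and not Chainlink's code). It assumes the feed address is a Chainlink proxy exposing `aggregator()`, that the underlying aggregator exposes `minAnswer()`/`maxAnswer()`, and a `maxStaleness` value chosen by the deployer; the unchecked variant is kept alongside to show the shape the report describes.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal interfaces, matching the Chainlink getters this example relies on (assumption:
// the configured feed is an EAC proxy in front of an OCR aggregator that has these getters).
interface IAggregatorV3 {
    function latestRoundData() external view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}
interface IAggregatorProxy { function aggregator() external view returns (address); }
interface IOffchainAggregator {
    function minAnswer() external view returns (int192);
    function maxAnswer() external view returns (int192);
}

contract BoundedPriceFeed {
    IAggregatorV3 public immutable feed;
    uint256 public immutable maxStaleness; // seconds; hypothetical deployer-chosen setting

    error IncompleteRound(uint80 roundId, uint80 answeredInRound);
    error StalePrice(uint256 updatedAt, uint256 maxStaleness);
    error AnswerOutOfBounds(int256 answer, int192 minAnswer, int192 maxAnswer);

    constructor(address feed_, uint256 maxStaleness_) {
        feed = IAggregatorV3(feed_);
        maxStaleness = maxStaleness_;
    }

    // The shape the report describes: the answer is trusted as returned, so a clamped
    // circuit-breaker value (e.g. minAnswer while the real price is far below it) flows through.
    function _latestRoundDataUnchecked() internal view returns (int256) {
        (, int256 answer, , , ) = feed.latestRoundData();
        return answer;
    }

    // Hardened version: reject incomplete or stale rounds, then reject any answer sitting at
    // the aggregator's bounds. Chainlink clamps to the bound rather than reverting, so an
    // answer equal to minAnswer/maxAnswer cannot be distinguished from a real price and is
    // treated as untrustworthy; callers that need a price must fall back or pause.
    function _latestRoundData() internal view returns (int256) {
        (uint80 roundId, int256 answer, , uint256 updatedAt, uint80 answeredInRound) = feed.latestRoundData();
        if (answeredInRound < roundId) revert IncompleteRound(roundId, answeredInRound);
        if (block.timestamp - updatedAt > maxStaleness) revert StalePrice(updatedAt, maxStaleness);

        IOffchainAggregator agg = IOffchainAggregator(IAggregatorProxy(address(feed)).aggregator());
        int192 minAnswer = agg.minAnswer();
        int192 maxAnswer = agg.maxAnswer();
        if (answer <= minAnswer || answer >= maxAnswer) revert AnswerOutOfBounds(answer, minAnswer, maxAnswer);
        return answer;
    }
}
```

Reverting is only half of the mitigation: the fee-calculation path that consumes this value needs a defined behaviour (pause, fallback source, or skip) when the revert occurs, otherwise the circuit breaker turns into a denial of service of that path.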