Chainlink Oracle will return the wrong price for asset if underlying aggregator hits minAnswer (or max)
Summary
Chainlink Oracle will return the wrong price for asset if underlying aggregator hits minAnswer (or max)
Vulnerability Detail
The Chainlink aggregators implement a failsafe / circuit breaker mechanism designed to activate when the price of an asset surpasses a predefined price range. However, a potential issue arises in situations where an asset undergoes a significant decrease in value, such as a crash in the value of LUNA. In these cases, the circuit breaker within the aggregator will trigger, causing the oracle to consistently return the minPrice instead of the actual price of the asset.
The ChainlinkAggregator contract utilizes the getLatestRound library function to retrieve the most recent round data from the associated aggregator. It is important to note that ChainlinkAggregators come with built-in circuit breakers in the form of minPrice and maxPrice thresholds.
When the price of an asset falls below the minPrice threshold, the ChainlinkAggregator will consistently report the value of the asset as the minPrice, regardless of its actual market value. This behavior can potentially lead to mispricing within the protocol, as the asset's value may be inaccurately assessed based on the predefined minimum threshold.
To ensure accurate asset valuation and mitigate potential risks associated with the circuit breaker functionality, it is essential to carefully monitor and manage the price thresholds within the ChainlinkAggregator. Implementing proper mechanisms and safeguards can help maintain reliable and up-to-date asset pricing information, protecting the protocol and its users from relying on incorrect or outdated values.
It is important to carefully consider the implications of this behavior and assess potential mitigation strategies to ensure accurate pricing information is maintained during extreme market conditions.
Impact
risk users to continue interacting with perennial with the asset at an incorrect price. Users might exploit this by taking advantage of the outdated and artificially low price, potentially leading to imbalances and inaccuracies within the system.
Validate the returned answer against the predefined minPrice and maxPrice thresholds. By performing this check and reverting the transaction if the answer falls outside of the allowed bounds, the protocol can prevent the usage of incorrect or manipulated prices.
bitsurfer
medium
Chainlink Oracle will return the wrong price for asset if underlying aggregator hits minAnswer (or max)
Summary
Chainlink Oracle will return the wrong price for asset if underlying aggregator hits minAnswer (or max)
Vulnerability Detail
The Chainlink aggregators implement a failsafe / circuit breaker mechanism designed to activate when the price of an asset surpasses a predefined price range. However, a potential issue arises in situations where an asset undergoes a significant decrease in value, such as a crash in the value of LUNA. In these cases, the circuit breaker within the aggregator will trigger, causing the oracle to consistently return the
minPriceinstead of the actual price of the asset.The ChainlinkAggregator contract utilizes the
getLatestRoundlibrary function to retrieve the most recent round data from the associated aggregator. It is important to note that ChainlinkAggregators come with built-in circuit breakers in the form ofminPriceandmaxPricethresholds.When the price of an asset falls below the
minPricethreshold, the ChainlinkAggregator will consistently report the value of the asset as theminPrice, regardless of its actual market value. This behavior can potentially lead to mispricing within the protocol, as the asset's value may be inaccurately assessed based on the predefined minimum threshold.To ensure accurate asset valuation and mitigate potential risks associated with the circuit breaker functionality, it is essential to carefully monitor and manage the price thresholds within the ChainlinkAggregator. Implementing proper mechanisms and safeguards can help maintain reliable and up-to-date asset pricing information, protecting the protocol and its users from relying on incorrect or outdated values.
It is important to carefully consider the implications of this behavior and assess potential mitigation strategies to ensure accurate pricing information is maintained during extreme market conditions.
Impact
risk users to continue interacting with perennial with the asset at an incorrect price. Users might exploit this by taking advantage of the outdated and artificially low price, potentially leading to imbalances and inaccuracies within the system.
Code Snippet
https://github.com/sherlock-audit/2023-05-perennial/blob/main/perennial-mono/packages/perennial-oracle/contracts/types/ChainlinkAggregator.sol#L32-L36
Tool used
Manual Review
Recommendation
Validate the returned answer against the predefined minPrice and maxPrice thresholds. By performing this check and reverting the transaction if the answer falls outside of the allowed bounds, the protocol can prevent the usage of incorrect or manipulated prices.
Duplicate of #180