Not checking answer min/max price would return the wrong price
Summary
Not checking answer min/max price would return the wrong price.
Vulnerability Detail
The getPrice() function should be checks answer is not below minPrice or not above maxPrice.
but we can see there is no check:
return (answer.toUint256() * Constants.PRICE_PRECISION) / 10 ** decimals;
in this scenario if the price crash and drop below minPrice, aggregator still returns minPrice. It can lead to loss of funds for users.
For example:
Token minPrice is $0.5
Price drop to $0.2
Aggregator still returns $0.5
Impact
Aggregator still returns minPrice when the price is below minPrice, that's can lead to loss of funds for users because they deal with the wrong price.
Code Snippet
function getPrice(address token_) external override returns (uint256) {
/// remap token if possible
address token = remappedTokens[token_];
if (token == address(0)) token = token_;
uint256 maxDelayTime = timeGaps[token];
if (maxDelayTime == 0) revert Errors.NO_MAX_DELAY(token_);
/// Get token-USD price
uint256 decimals = registry.decimals(token, USD);
(
uint80 roundID,
int256 answer,
,
uint256 updatedAt,
uint80 answeredInRound
) = registry.latestRoundData(token, USD);
if (updatedAt < block.timestamp - maxDelayTime)
revert Errors.PRICE_OUTDATED(token_);
if (answer <= 0) revert Errors.PRICE_NEGATIVE(token_);
if (answeredInRound < roundID) revert Errors.PRICE_OUTDATED(token_);
return
(answer.toUint256() * Constants.PRICE_PRECISION) / 10 ** decimals;
}
Avci
medium
Not checking answer min/max price would return the wrong price
Summary
Not checking answer min/max price would return the wrong price.
Vulnerability Detail
The
getPrice()function should be checks answer is not belowminPriceor not abovemaxPrice. but we can see there is no check:return (answer.toUint256() * Constants.PRICE_PRECISION) / 10 ** decimals;in this scenario if the price crash and drop belowminPrice, aggregator still returnsminPrice. It can lead to loss of funds for users.For example:
Impact
Aggregator still returns
minPricewhen the price is belowminPrice, that's can lead to loss of funds for users because they deal with the wrong price.Code Snippet
https://github.com/sherlock-audit/2023-07-blueberry/blob/7c7e1c4a8f3012d1afd2e598b656010bb9127836/blueberry-core/contracts/oracle/ChainlinkAdapterOracle.sol#L102-L126
Tool used
Manual Review
Recommendation
if (answer >= maxPrice or answer <= minPrice) revert();Duplicate of #22