Closed sherlock-admin closed 5 months ago
1 comment(s) were left on this issue during the judging contest.
takarez commented:
invalid
If chainlink oracle fails, it is possibly the best case scenario for the protocol given the design of the protocol is to rely on multiple oracle sources to cross-check primary pyth oracle prices
shaka
medium
Unhandled Chainlink price feed revert
Summary
Chainlink price feed reverts are not handled.
Vulnerability Detail
The execution of
OracleModule.sol:getPrice()
will revert if the Chainlink price feed is not available or the return data does not pass the validation.During certain exceptional circumstances, Chainlink oracles may become inaccessible. While the event of an offchain oracle price being invalid is handled, the onchain oracle price is not.
Impact
All operations that rely on the price feed will revert, including liquidations and PnL calculations.
Code Snippet
https://github.com/sherlock-audit/2023-12-flatmoney/blob/main/flatcoin-v1/src/OracleModule.sol#L145
Tool used
Manual Review
Recommendation
Instead of directly invoking the
latestRoundData()
function, enclose it within a try-catch block. In the event that the call encounters a revert, mark the onchain price as invalid.