search

sherlock-audit / 2024-02-smilee-finance-judging

2 stars 1 forks source link

0xumarkhatab - M-2 : Denial Of Service : Unhandled Chain-link Oracle Price feed absence Revert #106

Closed sherlock-admin4 closed 8 months ago

sherlock-admin4 commented 9 months ago

0xumarkhatab

medium

M-2 : Denial Of Service : Unhandled Chain-link Oracle Price feed absence Revert

Summary

The protocol should be ready for price-feeds denial of service and prepare the logic for what happens if the price feed data is not fetched correctly.

On a Side note : Using uni swap as a second oracle sounds good assuming it can not be cheated but with the arrival of PoS It is far easy to manipulate TWAPS than before so it not a good idea to rely on it as a second oracle in case first serves a denial of service of chainlink feeds :

Read this article why it is so :

https://chainsecurity.com/oracle-manipulation-after-merge/

Vulnerability Detail

Calls to Oracles could potentially revert, which may result in a complete Denial-of-Service to smart contracts which depend upon them. Chainlink multisigs can immediately block access to price feeds at will, so just because a price feed is working today does not mean it will continue to do so indefinitely. Smart contracts should handle this by:

This would be especially bad for Smilee where large amounts of user value are stored and users will be affected because price data will no longer exist for deleted price feeds and uni swap TWAP is manipulatable.

Impact

In case price_feeds are deleted from chainlink , and the system tries to get price data from this deleted fee the entire transaction will fail due to the absence of try/catch block which could have been prevented easily.

Code Snippet

https://github.com/sherlock-audit/2024-02-smilee-finance/blob/main/smilee-v2-contracts/src/providers/chainlink/ChainlinkPriceOracle.sol#L110-L125

Tool used

Manual Review

Recommendation

Use try-catch block to fetch price data, return price data if it is fetched correctly, and add some custom logic in the catch block

sherlock-admin4 commented 8 months ago

3 comment(s) were left on this issue during the judging contest.

panprog commented:

invalid, chainlink is trusted, besides admin can always change chainlink feed to a different one if needed

tsvetanovv commented:

According to Smilee Readme and Sherlock documentation this issue type is invalid

takarez commented:

invalid