When swapping, the price of the asset/stable is fetched from OracleX. After fetching the price, the deviation is checked in the _verifyStablecoinSwap_ function.
This function checks that all inputs are valid, verifies limits for minting and burning of XYZ tokens and confirms liquidity safe addresses for ERC20 tokens
If the price of an asset/stable depegs, the following verification will fail:
``
function _verifyStablecoinSwap(
address wallet,
StablecoinSwap memory ss
) internal view nonZero(ss) {
// Ensure the wallet address is not zero.
if (wallet == address(0)) revert ZeroValueInput("WALLET");
// For the origin currency:
if (isXYZ(ss.origin)) {
// Ensure the total supply does not drop below the minimum limit after burning the specified amount.
if (
Stablecoin(ss.origin).totalSupply() - ss.oAmount <
getMinLimit(ss.origin)
) revert InvalidMintBurnBoundry(ss.origin, ss.oAmount);
} else if (ss.liquiditySafe == address(0)) {
// Ensure the liquidity safe is provided for ERC20 origin tokens.
revert ZeroValueInput("LIQUIDITY SAFE");
}
Due to the fail in the deviation, any swapping activity will be disabled by default and transactions will not go through
Impact
Core functionality of the protocol will fail to work if any token they fetch depegs and its price goes outside the bounds.
Tool used
Manual Review
Recommendation
Use a secondary oracle when the first one fails and wrap the code in a try catch and store the last fetched price in a variable.
Astrotimi
Medium
If any stablecoin depegs, oracle will fail, disabling swaps
Summary
If any stable depegs, oracle will fail, disabling swaps in StablecoinHandler.sol.
Vulnerability Detail
Line of code for study:
https://github.com/sherlock-audit/2024-11-telcoin/blob/main/telcoin-audit/contracts/stablecoin/StablecoinHandler.sol#L194
When swapping, the price of the asset/stable is fetched from OracleX. After fetching the price, the deviation is checked in the
_verifyStablecoinSwap_function.This function checks that all inputs are valid, verifies limits for minting and burning of XYZ tokens and confirms liquidity safe addresses for ERC20 tokens
If the price of an asset/stable depegs, the following verification will fail:
`` function _verifyStablecoinSwap( address wallet, StablecoinSwap memory ss ) internal view nonZero(ss) { // Ensure the wallet address is not zero. if (wallet == address(0)) revert ZeroValueInput("WALLET");
Due to the fail in the deviation, any swapping activity will be disabled by default and transactions will not go through
Impact
Core functionality of the protocol will fail to work if any token they fetch depegs and its price goes outside the bounds.
Tool used
Manual Review
Recommendation
Use a secondary oracle when the first one fails and wrap the code in a try catch and store the last fetched price in a variable.