Open vm06007 opened 11 months ago
Team utlized _chainLinkIsDead inside latestResolver(), however throughout the code of wiseLending where oracleHub is used Team already makes these checks to make sure it is safe to use value from latestResolver()
AccessControlledOffchainAggregator
values of min and max also serve no point because they are irrelevant if we look here: https://etherscan.io/address/0xE62B71cf983019BFf55bC83B48601ce8419650CC#readContract
WOH-01M: Improper Integration of Chainlink Oracles
Description:
The
WiseOracleHub::latestResolver
function will simply invoke theIChainlinkOracle::latestRoundData
function and yield itsanswer
without any form of sanitization in relation to the oracle's status of operation.Impact:
Improper integration of Chainlink oracles will render the Wise protocol helpless in case of sharp market events or outdated price feeds.
Example:
Recommendation:
We advise multiple safeguards to be put in place with the primary safeguard being the validation of data staleness. As the Chainlink aggregator is an off-chain oracle, the data it reports entirely relies on timely operation of the off-chain Chainlink system.
There is no guarantee that the
IChainlinkOracle::latestRoundData
result is actually the latest of the market, it simply implies that it is the latest one reported on-chain. To validate that the data retrieved via the function is fresh, we advise theOracleHelper::_chainLinkIsDead
functions to be utilized.A secondary protection measure that should be put in place is extreme asset volatility protection. This measure can be put in place in two ways. A universal one that should potentially be applied across the protocol is the measurement of volatility in terms of percentage changes over a time period. This would permit sharp increases or decreases in price to allow the Wise protocol to pause borrowing or supplying of the asset in question within the system, proactively reacting to a significant market event.
An alternative, easier to implement and Chainlink-specific way to detect extreme market events is to compare the price reported by the aggregator against the minimum and maximum acceptable values the oracle is capable of reporting. If the price reported is approaching these values, it means that the oracle will soon cease reporting correct values for the asset and the asset should be measured using alternative price points (i.e. Uniswap V3 TWAPs) or be temporarily paused altogether. The minimum and maximum permitted values can be identified in the
AccessControlledOffchainAggregator
and require an additional data point to be stored whenever a new Chainlink feed is accepted into the protocol pointing to the access-controlled implementation.