Skip to content

Latest commit

 

History

History
40 lines (23 loc) · 1.32 KB

071.md

File metadata and controls

40 lines (23 loc) · 1.32 KB

shaka

medium

Lack of Chainlink price feed data validation

Summary

Lack of Chainlink price feed data validation.

Vulnerability Detail

It is not checked that the price value returned by priceFeed.latestRoundData() is in a specific range. Chainlink aggregator could send a wrong value. Although this is unlikely, given the crucial impact that this would have in the protocol, a safety check should be added to the received price value. In the case of a negative value received for price, casting the value to a uint256 would cause the value to overflow.

Impact

In the case of a wrong price being received by Chainlink's aggregator, the whole rebalancing and minting functionalities would be broken and USSD would lose its peg.

Code Snippet

https://github.com/sherlock-audit/2023-05-USSD/blob/main/ussd-contracts/contracts/oracles/StableOracleWBTC.sol#LL23C26-L23C26

https://github.com/sherlock-audit/2023-05-USSD/blob/main/ussd-contracts/contracts/oracles/StableOracleWETH.sol#L23

https://github.com/sherlock-audit/2023-05-USSD/blob/main/ussd-contracts/contracts/oracles/StableOracleDAI.sol#L48

Tool used

Manual Review

Recommendation

(, int256 price, , , ) = priceFeed.latestRoundData();
if (price < minPrice || price > maxPrice) {
    // Call an alternative price source or pause the protocol
}