Powerful Honeysuckle Anteater
Medium
Currently we don't do any price validation for the Chainlink/Redstone oracle response.
The oracle could return return a stale price due to Chainlink/Redstone lagging in delivering actual data.
Insufficient checks on the price feed we are tracking, i.e. weETH/ETH | wrsETH/ETH | rsETH/ETH Reference in code: MasterPriceOracle.sol#L53C1-L96C6
function _price(address underlying) internal view returns (uint128, uint128) {
if (oracles[underlying] == address(0))
revert("Price oracle not found for this underlying token address.");
// get oracles based on chain
if(block.chainid == 31337 || block.chainid == 34443){
......
} else if (block.chainid == 10) {
AggregatorV3Interface oracle = AggregatorV3Interface(oracles[underlying]);
@>> (, int256 price_, , , ) = oracle.latestRoundData();
if (underlying == assetAddress[IBorrowing.AssetName.ETH]) {
// Return Exchange rate as 1 and ETH price with 2 decimals
return (1 ether, uint128((uint256(price_) / 1e6)));
} else {
(, uint128 ethPrice) = _price(assetAddress[IBorrowing.AssetName.ETH]);
// Return Exchange rate and ETH price with 2 decimals
@>> return (uint128(uint256(price_)), ethPrice);
}
} else {
return (0, 0);
}
}Stale prices, could cause significant impact in borrow/lend protocols, where we have to have accurate idea of what the actual LTV is and the value of the collateral. Otherwise we risk de-peg or arbitrage scenarios.
Add non-zero validation for the answer, and constraints for staleness. Check out Euler's implementation: https://github.com/euler-xyz/euler-price-oracle/blob/4c798098e6212e4cbf9387526e4f918d270191f0/src/adapter/chainlink/ChainlinkOracle.sol