Bumpy Gingham Aardvark - MasterPriceOracle.sol returns incorrect price during flash crashes

[sherlock-admin3]

Bumpy Gingham Aardvark

Medium

MasterPriceOracle.sol returns incorrect price during flash crashes

Summary

Chainlink price feeds have in-built minimum & maximum prices they will return; if during a flash crash, bridge compromise, or depegging event, an asset’s value falls below the price feed’s minimum price, the oracle price feed will continue to report the (now incorrect) minimum price.

For example: weETH/ETH [0xb4479d436DDa5c1A79bD88D282725615202406E3]

Root Cause

https://github.com/sherlock-audit/2024-11-autonomint/blob/main/Blockchain/Blockchian/contracts/oracles/MasterPriceOracle.sol#L83

            (, int256 price_, , , ) = oracle.latestRoundData();
            // If the token is ETH
            if (underlying == assetAddress[IBorrowing.AssetName.ETH]) {
                // Return Exchange rate as 1 and ETH price with 2 decimals
                return (1 ether, uint128((uint256(price_) / 1e6)));
            } else {
                (, uint128 ethPrice) = _price(assetAddress[IBorrowing.AssetName.ETH]);
                // Return Exchange rate and ETH price with 2 decimals
                return (uint128(uint256(price_)), ethPrice);
            }

doesn't check minAnswer and maxAnswer

Internal pre-conditions

No response

External pre-conditions

No response

Attack Path

No response

Impact

The wrong price may be returned in the event of a market crash. An adversary will then be able to borrow against the wrong price and incur bad debt to the protocol.

PoC

No response

Mitigation

No response