Error in Chainlink oracle call not handled

Summary

Error in Chainlink oracle call not handled.

Vulnerability Detail

In the case of Chainlink oracle being taken offline or erroring for any other reason priceFeed.latestRoundData() will revert.

Impact

Rebalancing and minting functionalities would be broken and USSD would lose its peg.

Code Snippet

https://github.com/sherlock-audit/2023-05-USSD/blob/main/ussd-contracts/contracts/oracles/StableOracleWBTC.sol#LL23C26-L23C26

https://github.com/sherlock-audit/2023-05-USSD/blob/main/ussd-contracts/contracts/oracles/StableOracleWETH.sol#L23

https://github.com/sherlock-audit/2023-05-USSD/blob/main/ussd-contracts/contracts/oracles/StableOracleDAI.sol#L48

Tool used

Manual Review

Recommendation

Handle possible error with a try-catch block.

try priceFeed.latestRoundData() returns (
    uint80,
    int256 price,
    uint256,
    uint256,
    uint80
) {
    return
        (wethPriceUSD * 1e18) /
        ((DAIWethPrice + uint256(price) * 1e10) / 2);
} catch Error(string memory) {            
    // Call an alternative price source or pause the protocol
}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

070.md

070.md

Error in Chainlink oracle call not handled

Summary

Vulnerability Detail

Impact

Code Snippet

Tool used

Recommendation

Files

070.md

Latest commit

History

070.md

File metadata and controls

Error in Chainlink oracle call not handled

Summary

Vulnerability Detail

Impact

Code Snippet

Tool used

Recommendation