ChainlinkBasic Manual Review Findings

CBC-01M: Improper Integration of Chainlink Oracles

Type	Severity	Location
External Call Validation		ChainlinkBasic.sol:L83-L89

Description:

The referenced invocation of latestRoundData is insecure as it does not properly sanitize the result of the oracle call.

Impact:

Currently, a misbehaving Chainlink oracle will not be detected by the Myso Finance protocol causing it to consume incorrect or outdated / stale price points for the assets it is querying.

Example:

Copy
80function checkAndReturnLatestRoundData(
81    address oracleAddr
82) internal view returns (uint256 tokenPriceRaw) {
83    (
84        uint80 roundId,
85        int256 answer,
86        ,
87        uint256 updatedAt,
88        uint80 answeredInRound
89    ) = AggregatorV3Interface(oracleAddr).latestRoundData();
90    if (
91        roundId == 0 ||
92        answeredInRound < roundId ||
93        answer < 1 ||
94        updatedAt == 0 ||
95        updatedAt > block.timestamp
96    ) {
97        revert Errors.InvalidOracleAnswer();
98    }
99    tokenPriceRaw = uint256(answer);
100}

Recommendation:

We advise the code to be updated, enforcing proper sanitization measure(s) to the external Chainlink oracle call.

The data point of interest the latestRoundData function yields is the updatedAt timestamp. The desire is to enforce a particular "heartbeat" of data validity that ensures the updatedAt value satisfies the time threshold imposed by the Myso Finance protocol. We should note that Chainlink imposes different heartbeats for different asset types and as such the time limit that should be imposed needs to be sensible based on the Myso Finance protocol's needs and the idle-time threshold Chainlink has set for each particular data feed.

As an alternative, we advise an administrative manual "pause" mechanism to be introduced, preventing price measurements from the ChainlinkBasic::getPriceOfToken method to be utilized. This will permit the Myso Finance team to be able to quickly react in case of abnormal market events such as that of the LUNA price crash.

Alleviation (c740f7c6b5ebd365618fd2d7ea77370599e1ca11):

The Myso Finance evaluated this exhibit and has stated that administrative pause functionality can be simulated by adjusting the whitelist state of the oracle to NOT_WHITELISTED, thereby preventing new borrowing to utilize it.

As such, we consider this exhibit alleviated given that the Myso Finance team is sufficiently equipped to react to abnormal market events.