Dug - If a pegged token oracle goes down or price falls to zero, depeg events cannot be triggered #71
Comments
Users are made aware of this risk when participating in the epochs
Considering 462/228/71 as duplicates of 422: they have the same root issue and all are borderline low/medium, so packing them in one valid medium.
Duplicate of #422
Escalate for 10 USDC. I believe this issue should be de-duped. While other issues that this issue has been grouped with primarily discuss the Y2K is a protocol that is built specifically for cataclysmic scenarios. Chainlink has a history of intentionally going offline in these situations. Additionally, a token price going to zero should be anticipated and accounted for by the protocol, but instead, is ignored.
You've created a valid escalation for 10 USDC! To remove the escalation from consideration: Delete your comment. You may delete or edit your escalation comment anytime before the 48-hour escalation window closes. After that, the escalation becomes final.
Escalation rejected Duplicate of #422
This issue's escalations have been rejected! Watsons who escalated this issue will have their escalation amount deducted from their next payout.
Dug
medium
If a pegged token oracle goes down or price falls to zero, depeg events cannot be triggered
Summary
In some extreme cases, oracles can be taken offline or token prices can fall to zero. In these cases, `triggerDepeg` will not execute, even though these situations are likely what Earthquake is built for.
Vulnerability Detail
Chainlink has taken oracles offline in extreme cases. For example, during the UST collapse, Chainlink paused the UST/ETH price oracle to ensure that it wasn't providing inaccurate data to protocols.
In such a situation (or one in which the token's value falls to zero), calls to `triggerDepeg` would revert. This is because any call to `triggerDepeg` calls `getLatestPrice`, which calls the oracle to get the values of the pegged token.
Depending on the specifics, one of the following checks would cause the revert:
- `priceFeed.latestRoundData` would fail
- `if (price <= 0) revert OraclePriceZero();`
- `if (answeredInRound < roundID) revert RoundIDOutdated();`
Impact
Depegs cannot be triggered at a time when the protocol should be paying out collateral to those who have paid the premium for the epoch.
Code Snippet
https://github.com/sherlock-audit/2023-03-Y2K/blob/main/Earthquake/src/v2/Controllers/ControllerPeggedAssetV2.sol#L51-L62
https://github.com/sherlock-audit/2023-03-Y2K/blob/main/Earthquake/src/v2/Controllers/ControllerPeggedAssetV2.sol#L273-L318
Tool used
Manual Review
Recommendation
Ensure there is a safeguard in place to protect against this possibility.
Duplicate of #422
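An added sketch, not code from the Y2K repository or from the report's author, that puts the reverting read pattern described in the report next to a non-reverting read that tells the caller which of the three checks failed. The contract name, the `FeedStatus` enum and `tryGetLatestPrice` are hypothetical; what a controller should do with each status is a design decision the report leaves open.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Minimal feed interface with the tuple shape the report's checks rely on.
interface IPriceFeed {
    function latestRoundData() external view returns (
        uint80 roundID, int256 price, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound
    );
}

// Hypothetical contract for illustration only.
contract OracleReadSketch {
    error OraclePriceZero();
    error RoundIDOutdated();

    // Hypothetical status codes, one per failure mode listed in the report.
    enum FeedStatus { Ok, CallFailed, PriceZero, RoundOutdated }

    IPriceFeed public immutable priceFeed;

    constructor(IPriceFeed _priceFeed) {
        priceFeed = _priceFeed;
    }

    // Reverting pattern: a paused feed, a zero price or an outdated round
    // all revert here, so any caller that needs the price reverts too.
    function getLatestPrice() public view returns (int256) {
        (uint80 roundID, int256 price, , , uint80 answeredInRound) = priceFeed.latestRoundData();
        if (price <= 0) revert OraclePriceZero();
        if (answeredInRound < roundID) revert RoundIDOutdated();
        return price;
    }

    // Non-reverting read: same checks, but the failure is returned as data.
    // Note: try/catch does not catch a call to an address without code or
    // return data that fails to decode; those still revert in the caller.
    function tryGetLatestPrice() public view returns (FeedStatus status, int256 price) {
        try priceFeed.latestRoundData() returns (
            uint80 roundID, int256 answer, uint256, uint256, uint80 answeredInRound
        ) {
            if (answer <= 0) return (FeedStatus.PriceZero, answer);
            if (answeredInRound < roundID) return (FeedStatus.RoundOutdated, answer);
            return (FeedStatus.Ok, answer);
        } catch {
            return (FeedStatus.CallFailed, 0);
        }
    }
}
```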