Chainlink minAnswer and maxAnswer price bounds cause oracles to report incorrect prices during flash crashes and extreme events

# Chainlink minAnswer and maxAnswer price bounds cause oracles to report incorrect prices during flash crashes and extreme events Chainlink price feed aggregators have configurable `minAnswer` and `maxAnswer` bounds. When the actual market price falls below `minAnswer` or exceeds `maxAnswer`, the aggregator reports the boundary value instead of the real price. This creates a divergence between the oracle-reported price and the actual market price during extreme events. **Flash crash scenario**: if ETH drops to $100 but the feed's `minAnswer` corresponds to $500, the oracle reports $500. A protocol using this feed believes collateral is worth $500 when it is worth $100, allowing borrowers to take on debt far exceeding their actual collateral value. Liquidation triggers are delayed because the oracle never reports the price that should trigger them. **Price spike scenario**: if `maxAnswer` caps at a price below the actual market, protocols undervalue collateral, potentially triggering unnecessary liquidations or preventing borrowers from accessing their full collateral value. The defense: protocols must check whether the returned price equals `minAnswer` or `maxAnswer` (a circuit breaker check) and either revert or switch to a fallback oracle when boundary prices are detected. This is related to but distinct from staleness checks. Since [[Chainlink price feed heartbeats vary between feeds with similar names requiring per-feed verification rather than assuming uniform update frequency]], staleness detection catches delayed updates, while `minAnswer`/`maxAnswer` checks catch clamped-but-fresh updates. Both checks are required for complete oracle safety. ```solidity (, int256 price,, uint256 updatedAt,) = feed.latestRoundData(); require(price > minAnswer && price < maxAnswer, "circuit breaker"); require(block.timestamp - updatedAt <= heartbeat, "stale price"); ``` --- Relevant Notes: - [[Chainlink price feed heartbeats vary between feeds with similar names requiring per-feed verification rather than assuming uniform update frequency]] -- complementary check: staleness catches delayed updates, min/max catches clamped-but-fresh updates - [[flash loan oracle manipulation enables price feed attacks against defi protocols]] -- related: flash crashes can be natural or attacker-induced via flash loans - [[DeFi protocols on L2 must check L2 sequencer uptime before consuming Chainlink price feeds to prevent stale data exploitation]] -- third required oracle safety check alongside staleness and circuit breaker Topics: - [[vulnerability-patterns]]