Assuming Oracle price feed precision can lead to incorrect value calculation #42
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
{{ message }}
Assuming Oracle price feed precision can lead to incorrect value calculation
Severity
Medium Risk
Relevant GitHub Links
https://github.com/Cyfrin/2023-07-foundry-defi-stablecoin/blob/main/src/DSCEngine.sol#L70
https://github.com/Cyfrin/2023-07-foundry-defi-stablecoin/blob/main/src/DSCEngine.sol#L347
https://github.com/Cyfrin/2023-07-foundry-defi-stablecoin/blob/main/src/DSCEngine.sol#L366
Summary
Assuming that all x/usd Oracle price feeds return in 8 decimal places can lead to incorrect price calculation for x/usd price feeds which return in 18 decimal places.
Vulnerability Details
Although btc/usd, eth/usd & many x/usd price feeds return the answer in 8 decimal places, there are also price feeds such as ampl/usd which return the answer in 18 decimal places.
This project aims to allow others to setup their own collateral tokens, however due to the hard-coded assumption that all price feeds will return in 8 decimal places this will result in incorrect value calculation for price feeds that return in decimals other than 8.
Impact
Incorrect calculation of token amount & usd value for prices feeds that return with decimal precision != 8 can result in losses to users and to the protocol.
Tools Used
Manual
Recommendations
Read the decimal precision from the price feed and dynamically calculate the required adjustment (ADDITIONAL_FEED_PRECISION) to multiply by.
The text was updated successfully, but these errors were encountered: