Upgraded Q -> 2 from #840 [1701456207749] #886
Labels
downgraded by judge
Judge downgraded the risk level of this issue
duplicate-479
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
satisfactory
satisfies C4 submission criteria; eligible for awards
withdrawn by judge
Special case: this finding was auto-generated by a judge and is now withdrawn; it can be ignored
Comments
c4-judge
added
the
2 (Med Risk)
c4-judge
added a commit
that referenced
this issue
Dec 1, 2023
|
fatherGoose1 marked the issue as duplicate of #479 |
|
fatherGoose1 marked the issue as satisfactory |
c4-judge
added
satisfactory
|
This auto-generated issue was withdrawn by fatherGoose1 |
c4-judge
added
the
withdrawn by judge
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Judge has assessed an item in Issue #840 as 2 risk. The relevant finding follows:
[L-5] No decimal normalization in price feeds
Chainlink feeds simply returns the price without checking for any decimal discrepancy.
https://github.com/code-423n4/2023-11-kelp/blob/f751d7594051c0766c7ecd1e68daeb0661e43ee3/src/oracles/ChainlinkPriceOracle.sol#L37-L39
37: function getAssetPrice(address asset) external view onlySupportedAsset(asset) returns (uint256) {
38: return AggregatorInterface(assetPriceFeed[asset]).latestAnswer();
39: }
In the case price feeds used by supported assets don’t match in their decimals, the error will be carried forward during the calculation of the RSETH price in getRSETHPrice(), as numbers with different precision will be aggregated together.
Currently, feeds for all supported assets (stETH, cbETH and rETH) have 18 decimals, but caution must be taken if other assets are added.
The text was updated successfully, but these errors were encountered: