`StableOracleWBTC` use wrong chainlink price feed contract address

Summary

StableOracleWBTC use wrong chainlink price feed address. functions rely on this data will not work properly.

Vulnerability Detail

StableOracleWBTC is used to get price of WBTC using Chainlink price feed, but priceFeed is defined using ETH/USD address (0x5f4eC3Df9cbd43714FE2740f5E3616155c5b8419) instead of WBTC/USD (0xF4030086522a5bEEa4988F8cA5B36dbC97BeE88c).

reference : https://docs.chain.link/data-feeds/price-feeds/addresses/?network=ethereum

Impact

Wrong price will returned and functions rely on this data will not work properly.

Code Snippet

https://github.com/sherlock-audit/2023-05-USSD/blob/main/ussd-contracts/contracts/oracles/StableOracleWBTC.sol#L16-L18

Tool used

Manual Review

Recommendation

Use the correct price feed contract address :

    constructor() {
        priceFeed = AggregatorV3Interface(
            0xF4030086522a5bEEa4988F8cA5B36dbC97BeE88c // correct WBTC/USD price feed
        );
    }

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

028.md

028.md

`StableOracleWBTC` use wrong chainlink price feed contract address

Summary

Vulnerability Detail

Impact

Code Snippet

Tool used

Recommendation

Files

028.md

Latest commit

History

028.md

File metadata and controls

StableOracleWBTC use wrong chainlink price feed contract address

Summary

Vulnerability Detail

Impact

Code Snippet

Tool used

Recommendation

`StableOracleWBTC` use wrong chainlink price feed contract address