Skip to content
This repository has been archived by the owner on Nov 26, 2023. It is now read-only.

ravikiran.web3 - StableOracle address is not assigned in StableOracleDAI contract, leading to incorrect DAI usd price. #18

Closed
sherlock-admin opened this issue May 23, 2023 · 0 comments
Closed

ravikiran.web3 - StableOracle address is not assigned in StableOracleDAI contract, leading to incorrect DAI usd price. #18

sherlock-admin opened this issue May 23, 2023 · 0 comments
Labels
Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label High A valid High severity issue Reward A payout will be made for this issue

Comments

@sherlock-admin
Copy link
Contributor

sherlock-admin commented May 23, 2023
edited by github-actions bot
Loading

ravikiran.web3

high

StableOracle address is not assigned in StableOracleDAI contract, leading to incorrect DAI usd price.

Summary

StableOracle address is set to a zero address with a comment, "TO DO".
This will impact the computation of price for DAI.

Vulnerability Detail

In the computation of USD price for DAI, the logic is using the usd price returned from StableOracle. But the stable orcale is pointing to Zero address leading to incorrect computation of DAI USD price.

Impact

This will impact the computation of collateral values and also directly impacts the rebalancing logic.

Code Snippet

https://github.com/sherlock-audit/2023-05-USSD/blob/main/ussd-contracts/contracts/oracles/StableOracleDAI.sol#L23-L30C1

constructor() {
priceFeedDAIETH = AggregatorV3Interface(
0x773616E4d11A78F511299002da57A0a94577F1f4
);
DAIEthOracle = IStaticOracle(
0x982152A6C7f732Ec7C9EA998dDD9Ebde00Dfa16e
);
ethOracle = IStableOracle(0x0000000000000000000000000000000000000000);// TODO: WETH oracle price
}

https://github.com/sherlock-audit/2023-05-USSD/blob/main/ussd-contracts/contracts/oracles/StableOracleDAI.sol#L33C1-L54

function getPriceUSD() external view override returns (uint256) {
address[] memory pools = new address;
pools[0] = 0x60594a405d53811d3BC4766596EFD80fd545A270;
uint256 DAIWethPrice = DAIEthOracle.quoteSpecificPoolsWithTimePeriod(
1000000000000000000, // 1 Eth
0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2, // WETH (base token)
0x6B175474E89094C44Da98b954EedeAC495271d0F, // DAI (quote token)
pools, // DAI/WETH pool uni v3
600 // period
);
uint256 wethPriceUSD = ethOracle.getPriceUSD();
// chainlink price data is 8 decimals for WETH/USD, so multiply by 10 decimals to get 18 decimal fractional
//(uint80 roundID, int256 price, uint256 startedAt, uint256 timeStamp, uint80 answeredInRound) = priceFeedDAIETH.latestRoundData();
(, int256 price, , , ) = priceFeedDAIETH.latestRoundData();

return
    (wethPriceUSD * 1e18) /
    ((DAIWethPrice + uint256(price) * 1e10) / 2);

}

Tool used

Manual Review

Recommendation

Assign the correct address so that oracle can feed correct DAI/USD prices for the StableOracleDAI.

Duplicate of #817
@github-actions github-actions bot closed this as completed Jun 5, 2023
@github-actions github-actions bot added High A valid High severity issue Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label labels Jun 5, 2023
@sherlock-admin sherlock-admin added the Reward A payout will be made for this issue label Jun 23, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label High A valid High severity issue Reward A payout will be made for this issue
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@sherlock-admin