15,000 USDC
Submission Details
Severity: medium
Valid

Wrong collateral value calculation will cause unfair liquidations

Summary

A faulty price-feed decimal assumption in getUsdValue() produces wrong collateral values, which in turn produce wrong health factors: healthy positions can be liquidated, and liquidation of unhealthy positions does not work as expected.

Vulnerability Details

The getUsdValue() function in DSCEngine.sol scales every raw price-feed answer by ADDITIONAL_FEED_PRECISION = 1e10, which is only correct if the feed reports 8 decimals. Not every feed does, and the contracts are meant to work with "any basket of assets".
A feed with d decimals is therefore mis-scaled by a factor of 10^|d - 8|. This may result in healthy positions being liquidated (if the price feed has fewer than 8 decimals, collateral is undervalued) and unhealthy positions looking healthy (if the price feed has more than 8 decimals, collateral is overvalued).

An attacker can deposit such an asset and mint far more stablecoins than the collateral actually backs, causing protocol insolvency.

For example, the Chainlink AMPL/USD price feed reports 18 decimals. If that feed were enabled in the protocol, getUsdValue() would value $1 of AMPL at roughly $10,000,000,000 (10^10 times its real value), and an attacker could deposit it as collateral and mint on the order of $10,000,000,000 in stablecoins.

https://etherscan.io/address/0xe20CA8D7546932360e37E9D72c1a47334af57706#readContract

Impact

Wrong collateral valuation can break the whole protocol: over-collateralized positions can be liquidated, under-collateralized ones cannot, and inflated collateral values let users mint unbacked stablecoins, resulting in protocol insolvency.

Tools Used

Manual review

Recommendations

Store the decimals of each price feed (read from AggregatorV3Interface.decimals() when the feed is registered) and scale the raw answer by that value when computing collateral value, instead of the fixed ADDITIONAL_FEED_PRECISION.
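The mis-scaling described under Vulnerability Details and the fix recommended above, side by side, as an added Solidity illustration; this is not code from DSCEngine.sol. The AggregatorV3Interface subset, the MockFeed contract, the token addresses and the $1 sample prices are constructed for the example, and the storage layout (s_priceFeeds, s_feedDecimals) and function names are assumptions, not the project's own.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

// Added illustration for this finding, not code from DSCEngine.sol.
// The interface, the mock feed and the sample prices below are constructed here;
// only the 1e10 / 1e18 scaling mirrors what the report describes.

interface AggregatorV3Interface {
    function decimals() external view returns (uint8);
    function latestRoundData()
        external
        view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

// Minimal Chainlink-style feed with configurable decimals() so the mismatch can be reproduced locally.
contract MockFeed is AggregatorV3Interface {
    uint8 private immutable i_decimals;
    int256 private immutable i_answer;

    constructor(uint8 decimals_, int256 answer_) {
        i_decimals = decimals_;
        i_answer = answer_;
    }

    function decimals() external view override returns (uint8) {
        return i_decimals;
    }

    function latestRoundData() external view override returns (uint80, int256, uint256, uint256, uint80) {
        return (1, i_answer, block.timestamp, block.timestamp, 1);
    }
}

contract UsdValueExample {
    uint256 private constant PRECISION = 1e18;
    uint256 private constant ADDITIONAL_FEED_PRECISION = 1e10; // hard-coded "every feed has 8 decimals"

    mapping(address => address) private s_priceFeeds; // token => feed (assumed layout)
    mapping(address => uint8) private s_feedDecimals; // token => feed.decimals(), cached at registration

    // Constructed sample tokens: each priced at $1, but reported by feeds with 18, 8 and 6 decimals.
    address public constant TOKEN_18DEC_FEED = address(0x1); // AMPL/USD-like feed
    address public constant TOKEN_8DEC_FEED = address(0x2); // ETH/USD-like feed
    address public constant TOKEN_6DEC_FEED = address(0x3); // hypothetical 6-decimal feed

    constructor() {
        _setPriceFeed(TOKEN_18DEC_FEED, address(new MockFeed(18, 1e18)));
        _setPriceFeed(TOKEN_8DEC_FEED, address(new MockFeed(8, 1e8)));
        _setPriceFeed(TOKEN_6DEC_FEED, address(new MockFeed(6, 1e6)));
    }

    // Recommended fix, part 1: record the feed's decimals alongside the feed address.
    function _setPriceFeed(address token, address feed) internal {
        s_priceFeeds[token] = feed;
        s_feedDecimals[token] = AggregatorV3Interface(feed).decimals();
    }

    // Vulnerable shape described in the report: price * 1e10 only yields an 18-decimal USD value
    // when the feed itself reports 8 decimals.
    function getUsdValueVulnerable(address token, uint256 amount) public view returns (uint256) {
        (, int256 price,,,) = AggregatorV3Interface(s_priceFeeds[token]).latestRoundData();
        return ((uint256(price) * ADDITIONAL_FEED_PRECISION) * amount) / PRECISION;
    }

    // Recommended fix, part 2: divide by the feed's own precision instead of assuming 1e8.
    // `amount` is assumed to be an 18-decimal token balance, as in the vulnerable version, so the
    // result is USD with 18 decimals: (price / 10^feedDecimals) * (amount / 1e18) * 1e18.
    function getUsdValueFixed(address token, uint256 amount) public view returns (uint256) {
        (, int256 price,,,) = AggregatorV3Interface(s_priceFeeds[token]).latestRoundData();
        require(price > 0, "invalid price");
        uint256 feedPrecision = 10 ** uint256(s_feedDecimals[token]);
        return (uint256(price) * amount) / feedPrecision;
    }

    // Side-by-side valuation of one whole token (1e18 units) of a sample asset.
    // The fixed path returns the same 18-decimal value for all three feeds; the vulnerable path
    // overstates the 18-decimal feed by 1e10 and understates the 6-decimal feed by 1e2.
    function compare(address token) external view returns (uint256 vulnerableValue, uint256 fixedValue) {
        uint256 oneToken = 1e18;
        vulnerableValue = getUsdValueVulnerable(token, oneToken);
        fixedValue = getUsdValueFixed(token, oneToken);
    }
}
```

Deploy UsdValueExample in Remix or a Foundry script and call compare() with each TOKEN_* constant: the fixed path returns 1e18 ($1) for all three, while the vulnerable path returns 1e28 for the 18-decimal feed ($1 valued at $10,000,000,000, the AMPL case above) and 1e16 for the 6-decimal feed ($1 valued at $0.01, the case where healthy positions get liquidated). Caching decimals() at registration, as the recommendation suggests, avoids an extra external call on every valuation; calling decimals() live on each valuation is also correct as long as the feed's decimals are stable.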
