Foundry DeFi Stablecoin CodeHawks Audit Contest

Cyfrin

DeFiFoundry

15,000 USDC

View results

Previous Next

Submission Details

Severity: medium

Valid

Assuming Oracle price feed precision can lead to incorrect value calculation

Dacian

Summary

Assuming that all x/usd Oracle price feeds return in 8 decimal places can lead to incorrect price calculation for x/usd price feeds which return in 18 decimal places.

Vulnerability Details

Although btc/usd, eth/usd & many x/usd price feeds return the answer in 8 decimal places, there are also price feeds such as ampl/usd which return the answer in 18 decimal places.

This project aims to allow others to setup their own collateral tokens, however due to the hard-coded assumption that all price feeds will return in 8 decimal places this will result in incorrect value calculation for price feeds that return in decimals other than 8.

Impact

Incorrect calculation of token amount & usd value for prices feeds that return with decimal precision != 8 can result in losses to users and to the protocol.

Tools Used

Manual

Recommendations

Read the decimal precision from the price feed and dynamically calculate the required adjustment (ADDITIONAL_FEED_PRECISION) to multiply by.

Prize pool breakdown

Total prize

15,000 USDC

nSLOC

236

64 USDC / LOC

High Medium

14,000 USDC

Low

1,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.