The getTokenAmountFromUsd function in the DSCEngine contract performs division before multiplication, potentially leading to severe loss of precision. This vulnerability can result in inaccurate token amount calculations for a given USD value, impacting financial transactions and risk assessments in the stablecoin system.
In the getTokenAmountFromUsd function, the code divides usdAmountInWei by (uint256(price) * ADDITIONAL_FEED_PRECISION) before multiplying it by PRECISION. As uint256(price) is an integer value obtained from the price feed, it lacks decimal places. When the price is relatively small, the division operation can lead to significant loss of precision, resulting in an imprecise getTokenAmountFromUsd value.
The precision loss in getTokenAmountFromUsd can be severe and can have serious consequences in financial systems. Incorrect token amount calculations may occur for the given USD value, affecting the accuracy of transactions, investment decisions, and risk assessments. This can potentially lead to financial losses and instability in the stablecoin system.
Manual
Reorder the operations in the getTokenAmountFromUsd function. Perform the multiplication before the division so that the division occurs with the highest possible precision, reducing the risk of precision loss. By reordering the operations, the contract can maintain more accurate token amounts for the given USD value, enhancing the reliability and integrity of the stablecoin system.
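The two operation orders compared numerically, as an added example that is not code from the DSCEngine contract or from this submission. Python integers with floor division stand in for Solidity uint256 arithmetic; the constant values (PRECISION = 1e18, ADDITIONAL_FEED_PRECISION = 1e10 for an 8-decimal feed) and the helper names are assumptions.

```python
# Model of uint256 math: for non-negative ints, Python's // truncates
# exactly like Solidity's / operator.
PRECISION = 10**18                  # assumed value: 18-decimal fixed point
ADDITIONAL_FEED_PRECISION = 10**10  # assumed value: scales an 8-decimal feed price
UINT256_MAX = 2**256 - 1


def _u256(x):
    """Solidity >=0.8 reverts on overflow; modelled here as an exception."""
    if not 0 <= x <= UINT256_MAX:
        raise OverflowError("uint256 overflow (transaction would revert)")
    return x


def divide_first(usd_amount_in_wei, price):
    """Order described in the finding: divide, then scale by PRECISION."""
    denom = _u256(price * ADDITIONAL_FEED_PRECISION)
    return _u256((usd_amount_in_wei // denom) * PRECISION)


def multiply_first(usd_amount_in_wei, price):
    """Recommended order: scale by PRECISION, then divide once."""
    denom = _u256(price * ADDITIONAL_FEED_PRECISION)
    return _u256(_u256(usd_amount_in_wei * PRECISION) // denom)


def precision_loss(usd_amount_in_wei, price):
    """Token wei lost to early truncation for one input."""
    return multiply_first(usd_amount_in_wei, price) - divide_first(
        usd_amount_in_wei, price
    )


if __name__ == "__main__":
    price = 2000 * 10**8  # constructed sample: $2000 from an 8-decimal feed
    for usd in (100, 4000, 5000):  # constructed sample USD amounts
        wei = usd * 10**18
        print(usd, divide_first(wei, price), multiply_first(wei, price),
              precision_loss(wei, price))
```

Multiplying first enlarges the intermediate value, so very large usdAmountInWei inputs reach the uint256 overflow revert sooner than with the divide-first order.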