Summary

The getTokenAmountFromUsd function in the DSCEngine contract performs division before multiplication, potentially leading to severe loss of precision. This vulnerability can result in inaccurate token amount calculations for a given USD value, impacting financial transactions and risk assessments in the stablecoin system.

Vulnerability Details

In the getTokenAmountFromUsd function, the code divides usdAmountInWei by (uint256(price) * ADDITIONAL_FEED_PRECISION) before multiplying it by PRECISION. As uint256(price) is an integer value obtained from the price feed, it lacks decimal places. When the price is relatively small, the division operation can lead to significant loss of precision, resulting in an imprecise getTokenAmountFromUsd value.

Impact

The precision loss in getTokenAmountFromUsd can be severe and can have serious consequences in financial systems. Incorrect token amount calculations may occur for the given USD value, affecting the accuracy of transactions, investment decisions, and risk assessments. This can potentially lead to financial losses and instability in the stablecoin system.

Tools Used

Manual

Recommendations

Reorder the operations in the getTokenAmountFromUsd function. Performe the multiplication operation before division to ensure that the division occurs with the highest possible precision, reducing the risk of precision loss. By reordering the operations, the contract can maintain more accurate token amounts for the given USD value, enhancing the reliability and integrity of the stablecoin system.