Precision Loss in getTokenAmountFromUsd Function
Summary
The getTokenAmountFromUsd function in the DSCEngine contract performs division before multiplication, potentially leading to severe loss of precision. This vulnerability can result in inaccurate token amount calculations for a given USD value, impacting financial transactions and risk assessments in the stablecoin system.
Vulnerability Details
In the getTokenAmountFromUsd function, the code divides usdAmountInWei by (uint256(price) * ADDITIONAL_FEED_PRECISION) before multiplying it by PRECISION. As uint256(price) is an integer value obtained from the price feed, it lacks decimal places. When the price is relatively small, the division operation can lead to significant loss of precision, resulting in an imprecise getTokenAmountFromUsd value.
Impact
The precision loss in getTokenAmountFromUsd can be severe and can have serious consequences in financial systems. Incorrect token amount calculations may occur for the given USD value, affecting the accuracy of transactions, investment decisions, and risk assessments. This can potentially lead to financial losses and instability in the stablecoin system.
Tools Used
Manual
Recommendations
Reorder the operations in the getTokenAmountFromUsd function. Performe the multiplication operation before division to ensure that the division occurs with the highest possible precision, reducing the risk of precision loss. By reordering the operations, the contract can maintain more accurate token amounts for the given USD value, enhancing the reliability and integrity of the stablecoin system.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.