Incorrect decimals on USD calculation
Summary
The code consider the return decimals from price feed is always 8 decimals but there is some cases where the decimals is different, like AMPL/USDC which have 18 decimals, this can lead to users mint more or can't be liquidated.
Vulnerability Details
The code consider to use any kind of token to create a stable coin, from description we hare: "The system is meant to be such that someone could fork this codebase, swap out WETH & WBTC for any basket of assets they like, and the code would work the same." In case of one collateral token be AMPL, which returns 18 decimals from price feed, the calculation for getTokenAmountFromUsd and getUsdValue would be incorrect, leading the user to mint more than expected and can't be liquidated.
POC
The getUsdValue is used to get total value in USD in collateral that the user have, and further used to calculate the account health factor. The incorrect decimals calculation would leave the user with larger health factor, check the calculation:
The correct value would be 10e18 and not 10e28, the inflating value in USD leave the user with better health factor than expected.
Now, checking the getTokenAmountFromUsd function, this function is called in liquidate function to calculate the amount of collateral the liquidator will get from account.
The expected value here is 1e18 but the returned is 1e8, this means the liquidator will get less collateral than he should get and in some cases he would get nothing, just paying the liquidator debts
Impact
In case of one of collateral list is AMPL, the contract will be exposed to be exploited by AMPL holders.
Tools Used
Manual Review
Recommendations
Consider using the price feed decimals instead of a constant ADDITIONAL_FEED_PRECISION
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.