15,000 USDC
View results
Submission Details
Severity: medium
Valid

DSCEngine.sol: Risk of overminting tokens due to decimal mismatch in Chainlink Price Feed

Summary

Several tokens that provide price feeds for Chainlink are using 18 decimals in their USD prices (Arbirtum's PEPE/USD price feed uses 18 decimals. https://arbiscan.io/address/0x02DEd5a7EDDA750E3Eb240b54437a54d57b74dBE#readContract)
The getUsdValue function in DSCEngine.sol calculates the price assuming 8 decimal. This decimal mismatch could allow a user to mint 1e10 times more DSC tokens than the original value, causing serious problems for the protocol.

Vulnerability Details

The getUsdValue function in DSCEngine.sol calculate price assuming the decimal in the Chainlink price feed is 8. However, for some tokens, especially the PEPE/USD token, it uses an 18 decimal:

return ((uint256(price) * ADDITIONAL_FEED_PRECISION) * amount) / PRECISION;

Therefore, in the above calculation, a value is returned that is 1e10 times higher than the actual value, allowing the user to mint more DSC tokens than originally intended.

Impact

This vulnerability allows a user to mint 1e10 times more DSC tokens than the original value. This could cause significant financial losses to the protocol.

Tools Used

VS Code

Recommendations

To solve this problem, we need to dynamically check and calculate the decimal via the decimals function in the price feed.

return ((uint256(price) * 10**(18 - priceFeed.decimals())) * amount) / PRECISION;

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.