DSCEngine.sol: Risk of overminting tokens due to decimal mismatch in Chainlink Price Feed
Summary
Several tokens that provide price feeds for Chainlink are using 18 decimals in their USD prices (Arbirtum's PEPE/USD price feed uses 18 decimals. https://arbiscan.io/address/0x02DEd5a7EDDA750E3Eb240b54437a54d57b74dBE#readContract)
The getUsdValue function in DSCEngine.sol calculates the price assuming 8 decimal. This decimal mismatch could allow a user to mint 1e10 times more DSC tokens than the original value, causing serious problems for the protocol.
Vulnerability Details
The getUsdValue function in DSCEngine.sol calculate price assuming the decimal in the Chainlink price feed is 8. However, for some tokens, especially the PEPE/USD token, it uses an 18 decimal:
Therefore, in the above calculation, a value is returned that is 1e10 times higher than the actual value, allowing the user to mint more DSC tokens than originally intended.
Impact
This vulnerability allows a user to mint 1e10 times more DSC tokens than the original value. This could cause significant financial losses to the protocol.
Tools Used
VS Code
Recommendations
To solve this problem, we need to dynamically check and calculate the decimal via the decimals function in the price feed.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.