Several tokens that provide price feeds for Chainlink are using 18 decimals in their USD prices (Arbirtum's PEPE/USD price feed uses 18 decimals. https://arbiscan.io/address/0x02DEd5a7EDDA750E3Eb240b54437a54d57b74dBE#readContract)
The getUsdValue
function in DSCEngine.sol
calculates the price assuming 8 decimal. This decimal mismatch could allow a user to mint 1e10
times more DSC tokens than the original value, causing serious problems for the protocol.
The getUsdValue
function in DSCEngine.sol
calculate price assuming the decimal in the Chainlink price feed is 8. However, for some tokens, especially the PEPE/USD token, it uses an 18 decimal:
Therefore, in the above calculation, a value is returned that is 1e10
times higher than the actual value, allowing the user to mint more DSC tokens than originally intended.
This vulnerability allows a user to mint 1e10 times more DSC tokens than the original value. This could cause significant financial losses to the protocol.
VS Code
To solve this problem, we need to dynamically check and calculate the decimal via the decimals
function in the price feed.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.