Summary

As Patrick mentioned that we can now consider any of the available Chainlink price feeds for this project, this is breaking our code.

We are performing every function by considering the USD value of the deposited collateral, but if we are considering any of the price feeds then there are price feeds with ETH pairs, BTC pairs, and many others.

And because we have hardcoded everything considering USD, this will break the entire logic.

Let's see what will happen if the BTC/ETH price feed will be used;

Vulnerability Details

We are calculating the USD value using this ((uint256(price) * ADDITIONAL_FEED_PRECISION) * amount) / PRECISION; calculating inside the getUsdValue function where ADDITIONAL_FEED_PRECISION is 1e10 and PRECISION is 1e18.

Right now when I am writing this BTC/ETH pair price feed return value is 15639550854844298000 (it returns with 18 decimals) and if we put this into the above function then this will be the calculation;

• 15639550854844298000 * 1e10 * 1 (we are only considering 1 BTC/ETH) = 156395508548442980000000000000

• 156395508548442980000000000000 / 1e18 = 156395508548

• And we can only mint 50% of DSC tokens then 156395508548 * 0.5 = 78197754274 This amount of DSC we can mint now.

But if we calculate the price of 1 BTC/ETH in USD then this will be the calculation;

• From the above price we need 15.639550854844298 ETH for 1 BTC and the ETH price is right now 1876 USD

• so total will be 29339 USD

It means the actual worth of 1 BTC/ETH is 29339 USD but we can mint 78197754274 DSC for it, which is clearly a flaw.

This is just an example with 1 pair, there are many others.

Impact

The current code cannot work considering all price feeds. We need to make it robust to calculate the price of the pair first to USD and then mint DSC.

Tools Used

Manual Review

Recommendations

We need to make it robust to calculate the price of the pair first to USD and then mint DSC.