Token Price Calculations may break if using other tokens
Summary
The contract assumes that all token prices will have 8 decimals in their USD value representation. This assumption is not guaranteed, especially if different tokens with varying decimal precision are introduced into the contract.
Vulnerability Details
The contract currently allows the use of WETH/WBTC deposits to mint a stablecoin. While it is intended to accept any token that has a Chainlink price feed, the contract's calculations are based on the assumption that the prices from the Chainlink pair of {Token}/USD always have 8 decimals. However, this is not always the case, and some tokens, such as AMPL, have 18 decimals in their USD price representation, as observed in this contract address. See here
Impact
Incorrect calculations due to varying decimal precisions can lead to miscalculations in token amounts, resulting in financial losses for users and potential instability in the stablecoin's value.
Tools Used
VSCode
Recommendations
It is recommended to update the contract's code to handle token prices with varying decimal precisions correctly.
Or Simply Update the contract's documentation to indicate the supported decimal precision for token prices.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.