15,000 USDC
Submission Details
Severity: medium
Valid

Price feeds are not restricted to 8 decimals.

Summary

While most of Chainlink's USD feeds use 8 decimals, they are not restricted to that. If a token feed is ever added that does not use 8 decimals, users will be able to mint far more DSC than they should be able to.

Vulnerability Details

When computing the USD value of a user's collateral, the getUsdValue function assumes the price feed has 8 decimal places, but this assumption is never enforced.
If a token is ever added whose feed has more than 8 decimals, such as AMPL/USD (whose feed reports the price with 18 decimals), the return value is overestimated. AMPL's current value is ~$1.12, so fetching the price for 1 token should make getUsdValue return 1,120,000,000,000,000,000 (1.12e18).
It currently returns 11,200,000,000,000,000,000,000,000,000 (1.12e28) instead:

USDValue = ((uint256(price) * ADDITIONAL_FEED_PRECISION) * amount) / PRECISION
         = ((1.12e18 * 1e10) * 1e18) / 1e18
         = 1.12e28

This results in a user's collateral being overestimated, so health checks pass when they should not.

Impact

When a price feed's decimals are not 8, any user could deposit a small amount of collateral and mint much more DSC than they should be able to.

Tools Used

Manual Review

Recommendations

Add a check restricting a feed's decimals to 8:

constructor(address[] memory tokenAddresses, address[] memory priceFeedAddresses, address dscAddress) {
    // USD Price Feeds
    if (tokenAddresses.length != priceFeedAddresses.length) {
        revert DSCEngine__TokenAddressesAndPriceFeedAddressesMustBeSameLength();
    }
    // For example ETH / USD, BTC / USD, MKR / USD, etc
    for (uint256 i = 0; i < tokenAddresses.length; i++) {
        // Reject any feed that does not report 8 decimals, since ADDITIONAL_FEED_PRECISION (1e10) assumes that scale.
        // A bare address has no decimals(); cast it to the aggregator interface first.
        require(AggregatorV3Interface(priceFeedAddresses[i]).decimals() == 8, "...");
        s_priceFeeds[tokenAddresses[i]] = priceFeedAddresses[i];
        s_collateralTokens.push(tokenAddresses[i]);
    }
    i_dsc = DecentralizedStableCoin(dscAddress);
}
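The overestimation described under Vulnerability Details beside a hardened getUsdValue that reads decimals() from the feed and scales any decimal count to 18, which goes beyond the recommendation above (it accepts non-8-decimal feeds rather than rejecting them). This is an added example, not code from the submission or from DSCEngine; the inline interface, MockFeed and the function names are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

// Minimal subset of Chainlink's AggregatorV3Interface, declared inline so this compiles stand-alone.
interface AggregatorV3Interface {
    function decimals() external view returns (uint8);
    function latestRoundData() external view returns (uint80, int256, uint256, uint256, uint80);
}

// Constructed mock feed with configurable decimals and price, so both paths below can be compared.
contract MockFeed is AggregatorV3Interface {
    uint8 private immutable i_decimals;
    int256 private immutable i_price;
    constructor(uint8 decimals_, int256 price_) { i_decimals = decimals_; i_price = price_; }
    function decimals() external view returns (uint8) { return i_decimals; }
    function latestRoundData() external view returns (uint80, int256, uint256, uint256, uint80) {
        return (1, i_price, block.timestamp, block.timestamp, 1);
    }
}

contract UsdValueExample {
    uint256 private constant PRECISION = 1e18;
    uint256 private constant ADDITIONAL_FEED_PRECISION = 1e10; // only correct for 8-decimal feeds

    // Vulnerable form: bakes in the 8-decimal assumption. On an 18-decimal feed at 1.12 USD,
    // 1e18 tokens are valued at 1.12e28 instead of 1.12e18.
    function getUsdValueUnsafe(address feed, uint256 amount) public view returns (uint256) {
        (, int256 price,,,) = AggregatorV3Interface(feed).latestRoundData();
        return ((uint256(price) * ADDITIONAL_FEED_PRECISION) * amount) / PRECISION;
    }

    // Hardened form: scale the raw price to 18 decimals using the feed's own decimals(),
    // so the result is an 18-decimal USD amount whatever scale the feed reports.
    function getUsdValueSafe(address feed, uint256 amount) public view returns (uint256) {
        (, int256 price,,,) = AggregatorV3Interface(feed).latestRoundData();
        require(price > 0, "invalid price");
        uint8 feedDecimals = AggregatorV3Interface(feed).decimals();
        uint256 price18 = feedDecimals <= 18
            ? uint256(price) * 10 ** (18 - feedDecimals)
            : uint256(price) / 10 ** (feedDecimals - 18);
        return (price18 * amount) / PRECISION;
    }

    // Reproduces the report's numbers: 1 token at 1.12 USD on an 18-decimal feed.
    function reproduce() external returns (uint256 unsafeValue, uint256 safeValue) {
        address feed = address(new MockFeed(18, 112e16)); // 1.12 USD with 18 decimals
        unsafeValue = getUsdValueUnsafe(feed, 1e18); // 1.12e28, the overestimate
        safeValue = getUsdValueSafe(feed, 1e18);     // 1.12e18, the expected value
    }
}
```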
