15,000 USDC
View results
Submission Details
Severity: medium
Valid

Conversion from int256 to uint256 in OracleLib risks minting of an excessive amount of DSC

Summary

Conversion from int256 to uint256 in OracleLib can cause an underflow. In the rare case that the input is a negative, it can cause the minting of an excessive amount of DSC.

Vulnerability Details

In the function getUsdValue(), the price of the asset in USD is taken from OracleLib and converted from int256 to uint256. However, this conversion can sometimes cause an underflow. In a case where the price is negative, it can result in the creation of an unlimited amount of DSC coins. This is because the underflow returns a very large value which will be very close to the type(uint256).max. Consequently, an excessive amount of DSC will be minted.

Impact

The excessive minting of DSC floods the market and consequently causes the the stablecoin to become worthless. Probability of this occuring is, however is quite low (negative prices aren't quite common), so marking medium. But occurence can be really devastating.

Tools Used

Code analysis.

Recommendations

To address this problem, it is recommended to incorporate a price validation mechanism and a revert process in case the price from OracleLib is negative.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.