Conversion from int256
to uint256
in OracleLib can cause an underflow. In the rare case that the input is a negative, it can cause the minting of an excessive amount of DSC.
In the function getUsdValue()
, the price of the asset in USD is taken from OracleLib and converted from int256
to uint256
. However, this conversion can sometimes cause an underflow. In a case where the price is negative, it can result in the creation of an unlimited amount of DSC coins. This is because the underflow returns a very large value which will be very close to the type(uint256).max
. Consequently, an excessive amount of DSC will be minted.
The excessive minting of DSC floods the market and consequently causes the the stablecoin to become worthless. Probability of this occuring is, however is quite low (negative prices aren't quite common), so marking medium. But occurence can be really devastating.
Code analysis.
To address this problem, it is recommended to incorporate a price validation mechanism and a revert process in case the price from OracleLib is negative.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.