Foundry DeFi Stablecoin CodeHawks Audit Contest

Cyfrin

DeFiFoundry

15,000 USDC

View results

Previous Next

Submission Details

Severity: medium

Valid

Hard coded Oracle precision may not fit for all Tokens

Shogoki

Summary

There is a precission correction which is hardcoded to 1e10 which might not hold true for all collateral tokens.

Vulnerability Details

DSCEngine uses Chainlink oracles as a pricefeed. To reflect the difference of the used Tokens decimals and it´s corresponding chainlink oracle there is a variable which is multiplied with, when calculating the price.
However, it is hardcoded to 1e10, which might not be valid for all available Tokens that can be used as collateral.

Impact

Wrong Amount of tokens will be calculated.

Tools Used

Manual Review

Recommendations

create a mapping to store a different feed precision per Token.

Prize pool breakdown

Total prize

15,000 USDC

nSLOC

236

64 USDC / LOC

High Medium

14,000 USDC

Low

1,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.