15,000 USDC
View results
Submission Details
Severity: medium
Valid

Hard coded Oracle precision may not fit for all Tokens

Summary

There is a precission correction which is hardcoded to 1e10 which might not hold true for all collateral tokens.

Vulnerability Details

DSCEngine uses Chainlink oracles as a pricefeed. To reflect the difference of the used Tokens decimals and it´s corresponding chainlink oracle there is a variable which is multiplied with, when calculating the price.
However, it is hardcoded to 1e10, which might not be valid for all available Tokens that can be used as collateral.

Impact

Wrong Amount of tokens will be calculated.

Tools Used

Manual Review

Recommendations

create a mapping to store a different feed precision per Token.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.