Foundry DeFi Stablecoin CodeHawks Audit Contest

Cyfrin

DeFiFoundry

15,000 USDC

View results

Previous Next

Submission Details

Severity: high

Valid

Denial of service for tokens with decimals different than 18

pacelli

Summary

By hardcoding PRECISION = 18, the protocol assume all tokens have 18 decimals places, this could create a denial of service for tokens that have different of amount decimals.

Vulnerability Details

If a user deposits 1 WBTC (1e8), the USD value for this collateral is 0.0000001 dollars, which doesn't represent the actual market value of WBTC.

Due to this low amount of USD value, the health factor for this user is 0.00000005, which will not allow the user to use DSCEngine::mintDsc or DSCEngine::depositCollateralAndMintDsc to mint tokens.

Tools Used

Manual verification.

Recommendations

Don't hardcode the precision, instead dynamically query the token contracts for the amount of decimals to properly handle the precision.

Prize pool breakdown

Total prize

15,000 USDC

nSLOC

236

64 USDC / LOC

High Medium

14,000 USDC

Low

1,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.