Foundry DeFi Stablecoin CodeHawks Audit Contest

Cyfrin

DeFiFoundry

15,000 USDC

View results

Previous Next

Submission Details

Severity: medium

Valid

[M-01]TIMEOUT value is hardcoded

pina

Summary

Hardcoding important values like TIMEOUT that will depend on whether the price is not stale in your code is not a good practice, as it makes it difficult to maintain and adapt.

Vulnerability Details

The TIMEOUT value was declared as a constant, if ChainLink updates this value or for some security reason you want to change it, this will not be possible, jeopardizing price verification and not returning stale price.

Impact

High

Tools Used

Manual code review

Recommendations

It is recommended to have a timeout state variable that can be set through a function that can only be called by the owner of the contract or whoever has the relevant special permissions.

Considering possible timeout if it were to happen for each proposed pair.

This would give you the flexibility to adjust the timeout based on the changing needs of the DSCEngine.

Prize pool breakdown

Total prize

15,000 USDC

nSLOC

236

64 USDC / LOC

High Medium

14,000 USDC

Low

1,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.