Foundry DeFi Stablecoin CodeHawks Audit Contest

Cyfrin

DeFiFoundry

15,000 USDC

Submission Details

Severity: high

Zero Oracle price feed result

Function getTokenAmountFromUsd does not check for zero return value

Function getTokenAmountFromUsd should affirm that the final calculated amount is more that zero before returning.

Liquidators risk getting zero collateral when the Chainlink oracle returns a zero price

Manual review

Ln 347 should first calculate the token amount then confirm that its more than zero.

uint256 tokenAmount = (usdAmountInWei * PRECISION) / (uint256(price) * ADDITIONAL_FEED_PRECISION);

require(tokenAmount > 0," Too low token amount");

Total prize

15,000 USDC

nSLOC

236

64 USDC / LOC

High Medium

14,000 USDC

Low

1,000 USDC

The contest is live. Earn rewards by submitting a finding.

Submissions are being carefully reviewed by our judges.

This is your time to appeal against judgements on your submissions.

Appeals are being carefully reviewed by our judges.

The contest is complete and the rewards are being distributed.

Support

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.