Foundry DeFi Stablecoin CodeHawks Audit Contest

Cyfrin

DeFiFoundry

15,000 USDC

View results

Previous Next

Submission Details

Severity: high

Valid

Tokens other than 18 decimals can not be used as collateral

kamuik16

Summary

User using tokens other than 18 decimals can have severe malfunctioning.

Vulnerability Details

Considering that the smart contract can be used with any ERC20 token as collateral, it does not implement the same. The smart contract uses the PRECISION = 1e18 as a multiplier to calculate token amount and its usd amount. But if the smart contract is to work with all ERC20 tokens whose price feed is supported by Chainlink then it fails.

Impact

If users attempt to use tokens that have decimals other than 18 as collateral, the smart contract will miscalculate the token's value and its equivalent in USD. This can lead to a number of problems:

Overvaluation or undervaluation of collateral
Market manipulation
Contract Failure

Tools Used

VS Code
Manual Analysis
Hardhat

Recommendations

Dynamic Mechanism

Consider taking the decimals of each collateral token as an array in constructor and then multiply that particular precision value to calculate its amount and usd value.

Prize pool breakdown

Total prize

15,000 USDC

nSLOC

236

64 USDC / LOC

High Medium

14,000 USDC

Low

1,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.