Collateral token amount is calculated incorrectly
https://github.com/Cyfrin/2023-07-foundry-defi-stablecoin/blob/main/src/DSCEngine.sol#L347
https://github.com/Cyfrin/2023-07-foundry-defi-stablecoin/blob/main/src/DSCEngine.sol#L245
return (usdAmountInWei * PRECISION) / (uint256(price) * ADDITIONAL_FEED_PRECISION);
This line always returns the collateral amount scaled to 18 decimals (wei), which is wrong for tokens whose precision is not 18, e.g. WBTC.
For WBTC it returns an astronomical amount. A collateral amount much higher than expected will cause the health factor improvement check to fail:
https://github.com/Cyfrin/2023-07-foundry-defi-stablecoin/blob/main/src/DSCEngine.sol#L258
POC
Assume 1 WBTC is worth $20000 and the debt is $20000 as well.
Chainlink returns 20000e8
20000e18 * 1e18 / (20000e8 * 1e10) = 1e18 but it should be 1e8
1e18 base units of WBTC is 10B tokens, which is more than its total supply.
Mitigation Steps:
The formula should be changed to account for the collateral token's precision, i.e.
// decimals() is declared by OpenZeppelin's IERC20Metadata, not by plain IERC20
return (usdAmountInWei * PRECISION) / (uint256(price) * ADDITIONAL_FEED_PRECISION * additionalPrecision(IERC20Metadata(token).decimals()));

// Scale factor that brings a token with `decimals` decimals up to 18
function additionalPrecision(uint decimals) internal pure returns (uint) {
    require(decimals <= 18, "tokens with decimals greater than 18 are not supported");
    return 10 ** (18 - decimals);
}
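
An integer-arithmetic model of the two formulas above, added here as an illustration (Python, not code from the DSCEngine repository or from this submission). It generalizes the POC from WBTC to any token with at most 18 decimals; the WETH and USDC-like sample tokens, their prices, and the helper names token_amount_original, token_amount_fixed and compare are assumptions.

```python
# Added example: integer model of DSCEngine's USD -> token conversion.
# Constants mirror the names quoted on the page; sample tokens are constructed.
PRECISION = 10**18
ADDITIONAL_FEED_PRECISION = 10**10  # scales an 8-decimal Chainlink price to 18


def additional_precision(decimals: int) -> int:
    """Scale factor from a token's native decimals up to 18 (page's mitigation)."""
    if decimals > 18:
        raise ValueError("tokens with decimals greater than 18 are not supported")
    return 10 ** (18 - decimals)


def token_amount_original(usd_wei: int, price: int) -> int:
    """Formula as quoted from DSCEngine.sol: result is always 18-decimal."""
    return (usd_wei * PRECISION) // (price * ADDITIONAL_FEED_PRECISION)


def token_amount_fixed(usd_wei: int, price: int, decimals: int) -> int:
    """Mitigated formula: result is in the token's own base units."""
    return (usd_wei * PRECISION) // (
        price * ADDITIONAL_FEED_PRECISION * additional_precision(decimals)
    )


def compare(usd_wei: int, price: int, decimals: int) -> dict:
    """Return both results plus how many whole tokens each one represents."""
    original = token_amount_original(usd_wei, price)
    fixed = token_amount_fixed(usd_wei, price, decimals)
    unit = 10**decimals
    return {
        "original": original,
        "fixed": fixed,
        "original_whole_tokens": original // unit,
        "fixed_whole_tokens": fixed // unit,
        "overstated_by": original // fixed if fixed else None,
    }


if __name__ == "__main__":
    debt = 20_000 * 10**18  # $20,000 of debt, 18 decimals
    # (symbol, decimals, Chainlink price with 8 decimals) - constructed samples
    for symbol, decimals, price in [("WETH", 18, 2_000 * 10**8),
                                    ("WBTC", 8, 20_000 * 10**8),
                                    ("USDC-like", 6, 1 * 10**8)]:
        print(symbol, compare(debt, price, decimals))
```

The overstatement factor is exactly 10 ** (18 - decimals), so 18-decimal collateral is unaffected, which is why tests that only use such tokens do not surface the bug.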