DittoETH

Ditto
DeFiFoundryOracle
55,000 USDC
Submission Details
Severity: high
Invalid

Potential Data Type Mismatch getPrice()

Summary

The getPrice() function is designed to retrieve the price of a specific asset. The function retrieves this price from the ercAmount field of the HEAD bid for the specified asset. However, there are potential issues with this implementation, including the risk of data type mismatch and the lack of validation checks.

Vulnerability Details

The getPrice() function retrieves the price as a uint80 from the ercAmount field, which is declared as uint88. This could potentially lead to data loss if the price exceeds the maximum value that can be stored in a uint80.

Impact

The potential impact of these vulnerabilities includes incorrect price data being stored and returned by the getPrice() function. This could lead to incorrect calculations or decisions based on this price data, potentially resulting in financial loss or other adverse effects.

Incorrect collateral ratios due to the potential vulnerabilities in the getPrice() function could lead to unexpected behavior in the increaseCollateral() and decreaseCollateral() functions. This could potentially allow users to manipulate their collateral in ways that should not be possible, leading to financial loss for the contract or its users.

Tools Used

Manual review

Recommendations

Use a larger data type for the ercAmount variable:

uint256 ercAmount;
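To make the narrowing described in the Vulnerability Details concrete, the following is an added illustration, not DittoETH's code: the Order struct, the headBid mapping and the function names are assumptions for the example. It contrasts an unchecked uint88 to uint80 cast, which silently drops the high bits, with a bounds-checked conversion that reverts instead of returning a truncated price.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not DittoETH's code. The Order struct, the headBid
// storage layout and the function names are assumptions for illustration.
contract PriceCastExample {
    struct Order {
        uint88 ercAmount; // price stored in the wider 88-bit type
        address addr;
    }

    // asset => HEAD bid for that asset (assumed layout)
    mapping(address => Order) public headBid;

    error PriceOverflow(uint88 value);

    function setHeadBid(address asset, uint88 ercAmount) external {
        headBid[asset] = Order({ercAmount: ercAmount, addr: msg.sender});
    }

    // Unchecked narrowing: an explicit cast keeps only the low 80 bits,
    // so any value above type(uint80).max is returned truncated, not reverted.
    function getPriceUnchecked(address asset) external view returns (uint80) {
        return uint80(headBid[asset].ercAmount);
    }

    // Checked narrowing: refuse to serve a price that does not fit in uint80.
    function getPriceChecked(address asset) external view returns (uint80) {
        uint88 amount = headBid[asset].ercAmount;
        if (amount > type(uint80).max) revert PriceOverflow(amount);
        return uint80(amount);
    }

    // Constructed input one above the uint80 range: the unchecked cast yields 0,
    // because 2**80 mod 2**80 == 0. Shows why the check above matters.
    function truncationDemo() external pure returns (uint88 input, uint80 truncated) {
        input = uint88(type(uint80).max) + 1;
        truncated = uint80(input); // 0
    }
}
```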

Updates

Lead Judging Commences

0xnevi Lead Judge
almost 2 years ago
Submission Judgement Published
Invalidated
Reason: Other
