DittoETH (Ditto, 55,000 USDC prize pool)

Submission Details
Severity: high
Status: Invalid

Chainlink price could be highly inflated

Summary

Vulnerability Details

In the function getOraclePrice(), the price is forcibly converted to uint, which can cause the price to become highly inflated. As stated in the docs, DittoETH can support pegged assets for fiat currencies, cryptocurrencies (long and short) and commodities. In order for users to issue pegged assets

Consider the case where the price returned by Chainlink is negative, which can actually happen, as you can see from this issue. If the price is negative, the forced conversion of the int price to uint yields a highly inflated price.

Here is the POC

    // SPDX-License-Identifier: MIT
    pragma solidity ^0.8.0;

    contract PrecisionLossExample {
        uint public secondaryPrice;

        // Mirrors the unchecked cast in getOraclePrice(): a negative int
        // is reinterpreted as its two's-complement uint (2^256 - 345678).
        function Price() public {
            int price = -345678;
            secondaryPrice = uint(price);
        }
    }

And here is the result
uint256: 115792089237316195423570985008687907853269984665640564039457584007913129294258

As you can see, the price is highly inflated (the stored value is 2^256 - 345678).

Impact

A wrong price can severely affect the protocol and will cause

Tools Used

Recommendations

There is a reason why Chainlink prices are of int type, so don't explicitly convert the int type to uint without validating it first.
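As an added illustration (not part of the original submission or of the DittoETH code base), the following Solidity contract places the unchecked cast described above beside a hardened version that validates the signed Chainlink answer before converting it. The interface is a subset of Chainlink's real AggregatorV3Interface; the contract names, the error names, the one-hour staleness window and the MockFeed used for local testing are assumptions made for this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Subset of Chainlink's AggregatorV3Interface (these signatures match the real one).
interface AggregatorV3Interface {
    function decimals() external view returns (uint8);
    function latestRoundData()
        external
        view
        returns (
            uint80 roundId,
            int256 answer,
            uint256 startedAt,
            uint256 updatedAt,
            uint80 answeredInRound
        );
}

// Example contract (hypothetical, not the project's getOraclePrice()).
contract SafeOraclePrice {
    AggregatorV3Interface public immutable feed;
    // Assumed staleness window; a real protocol picks one per feed heartbeat.
    uint256 public constant MAX_STALENESS = 1 hours;

    error NonPositivePrice(int256 answer);
    error StalePrice(uint256 updatedAt);
    error IncompleteRound(uint80 roundId, uint80 answeredInRound);

    constructor(AggregatorV3Interface _feed) {
        feed = _feed;
    }

    // Unchecked pattern from the report: a negative answer wraps to ~2^256.
    function unsafePrice() external view returns (uint256) {
        (, int256 answer, , , ) = feed.latestRoundData();
        return uint256(answer);
    }

    // Hardened version: reject non-positive, stale or incomplete answers
    // before the int256 -> uint256 cast, so the wrap can never happen.
    function safePrice() external view returns (uint256) {
        (uint80 roundId, int256 answer, , uint256 updatedAt, uint80 answeredInRound) =
            feed.latestRoundData();
        if (answer <= 0) revert NonPositivePrice(answer);
        if (block.timestamp - updatedAt > MAX_STALENESS) revert StalePrice(updatedAt);
        if (answeredInRound < roundId) revert IncompleteRound(roundId, answeredInRound);
        return uint256(answer);
    }
}

// Constructed mock feed for local testing: reports whatever answer it is set to.
contract MockFeed is AggregatorV3Interface {
    int256 private _answer;
    uint256 private _updatedAt;

    function set(int256 answer_) external {
        _answer = answer_;
        _updatedAt = block.timestamp;
    }

    function decimals() external pure returns (uint8) {
        return 8;
    }

    function latestRoundData()
        external
        view
        returns (uint80, int256, uint256, uint256, uint80)
    {
        return (1, _answer, _updatedAt, _updatedAt, 1);
    }
}
```

Deploying SafeOraclePrice against a MockFeed and calling `set(-345678)` makes `unsafePrice()` return 2^256 - 345678, while `safePrice()` reverts with NonPositivePrice. The staleness and round checks are included because the same `latestRoundData()` call is the place to validate them; the sign check alone is what closes the issue this report raises.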

Updates

Lead Judging Commences

0xnevi Lead Judge
almost 2 years ago
Submission Judgement Published
Invalidated
Reason: Other

nabeel Submitter
almost 2 years ago

0xnevi Lead Judge
almost 2 years ago

nabeel Submitter
almost 2 years ago
