The asset price will be wrong when oracle != baseOracle and the token's USD price feed's decimals != 8.
Summary
Identified a potential vulnerability regarding the assumed decimal consistency in price representations, which can yield erroneous calculations and facilitate detrimental financial outcomes.
Vulnerability Details
In this line, when the oracle is not equal to the base oracle, the decimal precision is not checked and adjusted dynamically, so we could encounter a situation where the targeted oracle has 18 decimals, while the base oracle (ETH/USD) has 8. For example, in the case where we were using AMPL/USD with 18 decimals, the calculation in the following line, found in LibOracle.sol inside the getOraclePrice function, will suffer from precision loss
Impact
The miscalculating of the price can affect directly to the functionality of the protocol leading to unexpected scenarios:
Lets take the fiction example of this:
price AMPL/USD is 1.5 with 18 decimals: 1500000000000000000
basePrice (ETH/USD) is 2500 with 8 decimals: 250000000
We will get:
Instead of the correct price:
Tools Used
Manual review
Recommendations
Dynamic calculations can be performed to ensure consistency in precision across all computations, or alternatively, only allow assets with 8-decimal DataFeed Oracles or other fixed decimals to avoid malfunctions.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.