Summary

The marginCollateralConfiguration.getPrice() function returns the wrong price for WSTETH

Vulnerability Details

The marginCollateralConfiguration.getPrice() function is supposed to return the USD price of a collateral type.

It makes an internal call to ChainlinkUtil.getPrice which uses a chainlink price feed to get the price of WSTETH

The issue is that WSTETH does not have a chainlink price feed denominated in USD. The only options are WSTETH/ETH and wstETH-stETH Exchange Rate. Both of these are denominated in ETH

The getPrice() function should not assume that the price feed is denominated in USD and if in case it is denominated ETH for example in WSTETH, it should multiply by the ETH/USD feed to get the price in USD (see the reccomendation).

Impact

Every time getPrice is called with WSTETH it will return a value 3000x smaller than the correct price

Tools Used

Manual review

Recommendations

If the collateral token = WSTETH

get the ETH/USD price, scale it up to 18 decimals, then multiply it by the WSTETH/ETH price

the result will be the price of WSTETH denominated in USD