Algo Ssstablecoinsss

AI First Flight #2

Beginner FriendlyDeFi

EXP

View results

Previous Next

Submission Details

Impact: medium

Likelihood: medium

Invalid

Hardcoded 8-decimal oracle assumption can catastrophically misprice collateral

ra9huvansh

Root + Impact

Description

oracle prices should be normalized based on each feed’s actual decimals.
the engine hardcodes ADDITIONAL_FEED_PRECISION = 1e10, implicitly assuming all feeds use 8 decimals.

The constructor accepts arbitrary feed addresses but never validates feed decimals.

If a deployment uses a feed with a different decimal format, collateral valuation becomes severely wrong.

ADDITIONAL_FEED_PRECISION: public(constant(uint256)) = 1 * (10**10)

def _get_usd_value(token: address, amount: uint256) -> uint256:

...

return (

<(convert(price, uint256) * ADDITIONAL_FEED_PRECISION) * amount>

) // PRECISION

Risk

Likelihood:

This occurs in forks or redeployments that plug in feeds not using 8 decimals.
The constructor does not enforce feed format assumptions.

Impact:

Collateral can be overvalued or undervalued by orders of magnitude.
Overvaluation can allow minting of massively unbacked DSC.

Proof of Concept

Assume the engine is deployed with a price feed that returns 18-decimal prices

instead of 8-decimal prices.

The engine still applies:

ADDITIONAL_FEED_PRECISION = 1e10

That scaling factor is only correct when the oracle answer has 8 decimals.

If the oracle already returns 18-decimal values, the engine applies an extra 1e10 multiplier

and overstates collateral value by 10,000,000,000x.

Example:

Real oracle answer:

price = 2,000 * 1e18

Engine calculation:

usdValue = (price * 1e10 * amount) / 1e18

For 1 token of collateral:

usdValue = (2,000 * 1e18 * 1e10 * 1e18) / 1e18

= 2,000 * 1e28

Expected value:

2,000 * 1e18

Actual value used by protocol:

2,000 * 1e28

Overvaluation:

1e10x

Attack flow:

1. Attacker deposits a very small amount of collateral.

2. The engine values that collateral using the wrong decimal assumption.

3. The protocol believes the attacker has vastly more USD backing than they really do.

4. The attacker mints DSC against this inflated valuation.

5. The minted DSC is effectively unbacked because the real collateral value is far lower.

This same error also propagates into:

- health factor calculations

- liquidation checks

- get_account_collateral_value()

- get_token_amount_from_usd()

So a single oracle decimal mismatch breaks the entire solvency model of the engine.

Recommended Mitigation

- assume every feed uses 8 decimals

+ read oracle decimals during initialization

+ store a per-feed normalization factor

+ normalize prices dynamically based on feed decimals

+ revert deployment if a feed uses an unsupported decimal format

Updates

Lead Judging Commences

ai-first-flight-judge Lead Judge 6 days ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Rewards breakdown

This contest has a flat reward structure with the following payouts:

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being reviewed by our AI judge. Results will be available in a few minutes.

View all submissions

Rewards Distribution

The contest is complete and the rewards are being distributed.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!