Algo Ssstablecoinsss

First Flight #30

Beginner FriendlyDeFi

100 EXP

View results

Previous Next

Submission Details

Severity: high

Invalid

Absence of WBTC Calculation in the health factor computation within the _calculate_health_factor function

eth0x

Summary

The goal of the _calculate_health_factor function is to compute the health factor of a position in a decentralized finance (DeFi) system. This health factor is crucial for determining the safety and risk level of a user's collateralized position. But there is only an implementation for WETH, there is none for WBTC.

Vulnerability Details

In function is calculation of health factor only for WETH. But protocol has also possibility to deposit WBTC.

(collateral_adjusted_for_threshold * (10**18))

There is multiplication of collateral_adjusted_for_threshold with 10**18.

10^18 it is value for WETH; 1 ETH == 10^18 WEI.

In the scope of WETH is good, but for WBTC is wrong. Because for BTC the smolest unit is satoshi, which is equal

1BTC = 10^8 satoshi.

There is an incorrect multiplier for BTC, and due to this vulnerability, if you try to deposit 1 BTC, WBTC's value is erroneously amplified by 10^10 times.

Impact

There is an incorrect multiplier for BTC, and due to this vulnerability, if you try to deposit 1 BTC, WBTC's value is erroneously amplified by 10^10 times.

A vulnerability with an incorrect multiplier for BTC could lead to significant issues for the protocol by overestimating the value of minted DSC.

Tools Used

manual review

Recommendations

You can add if statement to check WBTC or WETH type for set specific precision.

@internal

@pure

def _calculate_health_factor( total_dsc_minted: uint256, collateral_value_in_usd: uint256, is_wbtc: bool ) -> uint256:

if total_dsc_minted == 0:

return max_value(uint256)

collateral_adjusted_for_threshold: uint256 = ( collateral_value_in_usd * LIQUIDATION_THRESHOLD ) // LIQUIDATION_PRECISION

precision: uint256 = 10**18 # Default precision for ETH

if is_wbtc: precision = 10**8 # Adjust precision for WBTC

return (collateral_adjusted_for_threshold * precision) // total_dsc_minted

Updates

Lead Judging Commences

bube Lead Judge 6 months ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Rewards breakdown

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.