Algo Ssstablecoinsss
First Flight #30
Beginner FriendlyDeFi
100 EXP
View results
Previous Next
Submission Details
Severity: high
Invalid

In the function _get_usd_value there is not implementation for WBTC.

eth0x

Summary

The purpose of the _get_usd_value function is to compute the USD value of a specified amount of a given token by using an oracle to fetch the latest price data.

The code indicates that the precision for ETH is handled, but not for WBTC.

Vulnerability Details

In code there is constant variable PRECISION. It has value 1 * (10**18)which is equat to 1 ETH in WEI, for WBTC should be 10^8.

return (
(convert(price, uint256) * ADDITIONAL_FEED_PRECISION) * amount
) // PRECISION

Impact

The result is divided by PRECISION here to achieve the accurate USD value. Incorrect precision can lead to obtaining a lower or higher USD value within the protocol. And this can break the protocol due to an insufficient health factor.

Tools Used

manual review

Recommendations

Please add PRECISION for WBTC.

@internal
@view
def _get_usd_value(token: address, amount: uint256) -> uint256:
price_feed: AggregatorV3Interface = AggregatorV3Interface(
self.token_address_to_price_feed[token]
)
round_id: uint80 = 0
price: int256 = 0
started_at: uint256 = 0
updated_at: uint256 = 0
answered_in_round: uint80 = 0
(
round_id, price, started_at, updated_at, answered_in_round
) = oracle_lib._stale_check_latest_round_data(price_feed.address)
precision: uint256 = 10**18 # Default precision for ETH
if token == WBTC_ADDRESS:
precision = 10**8 # Adjust precision for WBTC
return (
(convert(price, uint256) * ADDITIONAL_FEED_PRECISION) * amount
) // precision
Updates

Lead Judging Commences

bube Lead Judge 6 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.