PegOracle:latestRoundData
will always return zero for the nowPrice if the decimals are 18.
#76
Labels
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Something isn't working
duplicate
This issue or pull request already exists
old-submission-method
satisfactory
satisfies C4 submission criteria; eligible for awards
sponsor acknowledged
Technically the issue is correct, but we're not going to resolve it for XYZ reasons
Lines of code
https://github.com/code-423n4/2022-09-y2k-finance/blob/2175c044af98509261e4147edeb48e1036773771/src/oracles/PegOracle.sol#L67-L82
Vulnerability details
Impact
The function
PegOracle:latestRoundData
will always return zero for the nowPrice if thepriceFeed1.decimals
are 18. Even if thepriceFeed1.decimals
are less than 18 it still returns a wrong value for the nowPrice.Proof of Concept
In the below code snippet, if the
priceFeed1.decimals
is 18, then the returned nowPrice will be 0; if it is smaller than 18 it returns a wrong value for the nowPrice.Tools Used
None
Recommended Mitigation Steps
Use a fixed precision (decimals) for the price.
Example:
The text was updated successfully, but these errors were encountered: