You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
chainlink oracles that have different decimals will return the wrong prices
Summary
During the liquidation process, the protocol converts the debtToCover amount into the equivalent baseCollateral amount using two prices fetched from the Chainlink data feed. However, the protocol incorrectly assumes that both assets have the same decimal, which leads to price errors when the assets have different decimals.
unchecked {
vars.collateralAssetUnit =10** vars.collateralDecimals;
vars.debtAssetUnit =10** vars.debtAssetDecimals;
}
// This is the base collateral to liquidate based on the given debt to cover
vars.baseCollateral = ((vars.debtAssetPrice * debtToCover * vars.collateralAssetUnit)) / (vars.collateralPrice * vars.debtAssetUnit);
chainlink data feed decimals is ignored and assumes that both assets have the same decimal.
Internal pre-conditions
No response
External pre-conditions
1.two assets using different decimals
Attack Path
No response
Impact
the calculation of baseCollateral is incorrect which can lead to protocol lost of funds
sherlock-admin3
changed the title
Rapid Onyx Meerkat - chainlink oracles that have different decimals will return the wrong prices
coffiasd - chainlink oracles that have different decimals will return the wrong prices
Oct 3, 2024
coffiasd
Medium
chainlink oracles that have different decimals will return the wrong prices
Summary
During the liquidation process, the protocol converts the
debtToCover
amount into the equivalentbaseCollateral
amount using two prices fetched from the Chainlink data feed. However, the protocol incorrectly assumes that both assets have the same decimal, which leads to price errors when the assets have different decimals.Root Cause
LiquidationLogic.sol::executeLiquidationCall Fetch two assets price from chainlink data feed.
LiquidationLogic.sol::_calculateAvailableCollateralToLiquidate and then converts the
debtToCover
amount into the equivalentbaseCollateral
amountchainlink data feed decimals is ignored and assumes that both assets have the same decimal.
Internal pre-conditions
No response
External pre-conditions
1.two assets using different decimals
Attack Path
No response
Impact
the calculation of
baseCollateral
is incorrect which can lead to protocol lost of fundsPoC
ampl-usd return 18 decimals
https://data.chain.link/feeds/ethereum/mainnet/ampl-usd
eth-usd return 8 decimals
https://data.chain.link/streams/eth-usd
Mitigation
compare two assets decimals before use it
Duplicate of #166
The text was updated successfully, but these errors were encountered: