Inverse Finance contest - joestakey's results

Rethink the way you borrow.

General Information

Platform: Code4rena

Start Date: 25/10/2022

Pot Size: $50,000 USDC

Total HM: 18

Participants: 127

Period: 5 days

Judge: 0xean

Total Solo HM: 9

Id: 175

League: ETH

Inverse Finance

Findings Distribution

Researcher Performance

Rank: 89/127

Findings: 2

Award: $24.60

🌟 Selected for report: 0

🚀 Solo Findings: 0

Findings Information

Awards

24.2165 USDC - $24.22

Labels

bug
2 (Med Risk)
satisfactory
duplicate-533

External Links

Lines of code

https://github.com/code-423n4/2022-10-inverse/blob/3e81f0f5908ea99b36e6ab72f13488bbfe622183/src/Oracle.sol#L121

Vulnerability details

Market uses the Oracle.getPrice() function to compute users' credit limits and withdrawal limits. Given that DOLA has 18 decimals, this function reverts at the linked line (Oracle.sol#L121) when the collateral token has more than 18 decimals, which breaks every market that uses such a token as collateral.

Impact

Medium

Proof Of Concept

Oracle.getPrice() is called by liquidate, borrow and forceReplenish, either directly or via internal helpers. All these functions would revert in the case described above.

The operator can bypass this by setting a fixedPrice[token], but a fixed price used on a volatile asset has its own risks, as it can lead to under-collateralized loans in Market.

Tools Used

Manual Analysis

Mitigation

Either update the price normalization so that it handles tokens with more than 18 decimals, or ensure that markets are only created for collateral tokens with 18 decimals or fewer.

#0 - c4-judge

2022-11-04T23:46:14Z

0xean marked the issue as duplicate

#1 - Simon-Busch

2022-12-05T15:32:47Z

Issue marked as satisfactory as requested by 0xean

#2 - c4-judge

2022-12-07T08:18:20Z

Simon-Busch marked the issue as duplicate of #533

Lines of code

https://github.com/code-423n4/2022-10-inverse/blob/3e81f0f5908ea99b36e6ab72f13488bbfe622183/src/Oracle.sol#L116

Vulnerability details

Market uses the Oracle.getPrice() function to compute users' credit limits and withdrawal limits. This function returns the price of a given token in DOLA. The issue is that it uses a deprecated Chainlink function, latestAnswer(). This can break key Market functions such as borrow and liquidate.

Impact

Medium

Proof Of Concept

latestAnswer() can return zero under certain circumstances instead of reverting. In such cases:

  • getWithdrawalLimitInternal() would revert
  • liquidate() would revert
  • getCollateralValueInternal() would return zero, making both forceReplenish() and borrow() revert

The operator can bypass this by setting a fixedPrice[token], but a fixed price used on a volatile asset has its own risks, as it can lead to under-collateralized loans in the market.

Tools Used

Manual Analysis

Mitigation

Use a current Chainlink API function such as latestRoundData(), whose return values (the answer and its updatedAt timestamp) can be validated before the price is used.
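Both findings on this page concern the same feed read in Oracle.getPrice(): the decimals normalization that reverts for collateral tokens with more decimals than expected, and the deprecated latestAnswer() call that can hand back zero. The contract below is an added example written for this page, not Inverse Finance's Oracle.sol, showing how a practitioner would harden that read: it calls latestRoundData() instead of latestAnswer(), rejects non-positive or stale answers, and normalizes any feed/token decimal combination by dividing rather than computing a negative exponent when the decimals exceed the target scale. The scaling convention (a normalized price such that balance * price / 1e18 is an 18-decimal DOLA value), the maxStaleness bound, and the SafeFeedReader, setFeed and collateralValue names are the example's own assumptions; the inline AggregatorV3Interface is a subset of Chainlink's published interface.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

// Subset of Chainlink's AggregatorV3Interface, declared inline so the example
// compiles without the @chainlink/contracts dependency.
interface AggregatorV3Interface {
    function decimals() external view returns (uint8);
    function latestRoundData()
        external
        view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

/// @notice Illustrative hardened feed reader (example code, not Inverse Finance's Oracle.sol).
/// A "normalized" price is scaled so that `balance * price / 1e18` is the balance's value
/// in 18-decimal DOLA units, whatever the token's and the feed's decimals are (assumed convention).
contract SafeFeedReader {
    struct Feed {
        AggregatorV3Interface feed;
        uint8 tokenDecimals;
    }

    uint256 private constant DOLA_DECIMALS = 18;
    // Target scale: tokenDecimals + feedDecimals + exponent == 2 * DOLA_DECIMALS.
    uint256 private constant TARGET_DECIMALS = 2 * DOLA_DECIMALS;

    /// Hypothetical freshness bound in seconds; production code would set it per feed
    /// from the feed's published heartbeat rather than one value for the whole contract.
    uint256 public immutable maxStaleness;

    mapping(address => Feed) public feeds;

    constructor(uint256 _maxStaleness) {
        maxStaleness = _maxStaleness;
    }

    // Access control is omitted on purpose: the point of the example is the read path.
    function setFeed(address token, AggregatorV3Interface feed, uint8 tokenDecimals) external {
        feeds[token] = Feed(feed, tokenDecimals);
    }

    /// @return normalizedPrice price of one whole token, scaled as described above
    function getPrice(address token) public view returns (uint256 normalizedPrice) {
        Feed memory f = feeds[token];
        require(address(f.feed) != address(0), "no feed for token");

        // latestRoundData() replaces the deprecated latestAnswer() and returns enough
        // metadata to reject a zero, negative or stale answer instead of silently using it.
        (, int256 answer, , uint256 updatedAt, ) = f.feed.latestRoundData();
        require(answer > 0, "feed answer not positive");
        require(updatedAt != 0 && updatedAt <= block.timestamp, "feed round not finished");
        require(block.timestamp - updatedAt <= maxStaleness, "feed answer stale");

        // Decimal normalization without an underflowing exponent: when the feed and
        // token decimals together exceed the target scale, divide instead of reverting.
        uint256 totalDecimals = uint256(f.feed.decimals()) + uint256(f.tokenDecimals);
        uint256 price = uint256(answer);
        if (totalDecimals <= TARGET_DECIMALS) {
            normalizedPrice = price * 10 ** (TARGET_DECIMALS - totalDecimals);
        } else {
            normalizedPrice = price / 10 ** (totalDecimals - TARGET_DECIMALS);
        }
        // A price that rounds to zero would make the collateral worthless and let the
        // market mis-price loans, so treat it as a feed failure as well.
        require(normalizedPrice != 0, "normalized price is zero");
    }

    /// @return value of `balance` (in the token's own base units) in 18-decimal DOLA
    function collateralValue(address token, uint256 balance) external view returns (uint256) {
        return balance * getPrice(token) / 1e18;
    }
}
```

With this layout a 24-decimal token priced by an 18-decimal feed (42 decimals in total) takes the division branch and still yields a usable 18-decimal DOLA value, where a `uint8 exponent = 36 - feedDecimals - tokenDecimals` computation would revert; and a feed that returns 0 or a round older than maxStaleness reverts at the read with a clear reason instead of propagating a zero price into the credit-limit math.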

You can also prevent a zero price from being recorded as the daily low:

+126:             if(normalizedPrice != 0 && normalizedPrice < todaysLow) {
-126:             if(todaysLow == 0 || normalizedPrice < todaysLow) {
127:                 dailyLows[token][day] = normalizedPrice;
128:                 todaysLow = normalizedPrice;
129:                 emit RecordDailyLow(token, normalizedPrice);
130:             }
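Review bot: the replacement condition on line 126, `if(normalizedPrice != 0 && normalizedPrice < todaysLow)`, drops the `todaysLow == 0` case that the removed line handled, so on the first read of a day, when `todaysLow` is still 0, `normalizedPrice < todaysLow` can never hold for an unsigned price and `dailyLows[token][day]` is never written; the daily low then stays 0 for the whole day. Keep the initialization and add the zero guard on top of it, e.g. `if(normalizedPrice != 0 && (todaysLow == 0 || normalizedPrice < todaysLow))`.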

#0 - neumoxx

2022-10-31T08:47:40Z

Duplicate of #601

#1 - c4-judge

2022-11-05T19:43:35Z

0xean marked the issue as duplicate

#2 - Simon-Busch

2022-12-05T15:23:44Z

Issue marked as satisfactory as requested by 0xean

#3 - c4-judge

2022-12-07T08:14:14Z

Simon-Busch marked the issue as duplicate of #584

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.