Skip to content
This repository has been archived by the owner on Nov 26, 2023. It is now read-only.

kutugu - StableOracleDAI price calculation error #150

Closed
sherlock-admin opened this issue May 23, 2023 · 0 comments
Closed

kutugu - StableOracleDAI price calculation error #150

sherlock-admin opened this issue May 23, 2023 · 0 comments
Labels
Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label High A valid High severity issue Reward A payout will be made for this issue

Comments

@sherlock-admin
Copy link
Contributor

sherlock-admin commented May 23, 2023
edited by github-actions bot
Loading

kutugu

high

StableOracleDAI price calculation error

Summary

StableOracleDAI price calculation error

Vulnerability Detail

Note: because the code does not specify the exact calculation that each price represents. I'm basing my inferences on variable names, so it might be wrong.

  • wethPriceUSD: GUESS weth price in usd unit.
  • DAIWethPrice: GUESS dai price in weth unit.
  • price: IS dai price in weth unit, 18 decimals.

If the above conditions are true, the correct DAI price should be (wethPriceUSD * 1e18) * ((DAIWethPrice + uint256(price)) / 2);

  • wethPriceUSD: GUESS weth price in usd unit.
  • DAIWethPrice: GUESS weth price in dai unit.
  • price: IS dai price in weth unit, 18 decimals.

If the above conditions are true, the correct DAI price should be (wethPriceUSD * 1e18) / ((DAIWethPrice + 1e18 / uint256(price)) / 2);

Impact

High. Oracle price calculation error.

Code Snippet

StableOracleDAI

return
            (wethPriceUSD * 1e18) /
            ((DAIWethPrice + uint256(price) * 1e10) / 2);

Tool used

Manual Review

Recommendation

Use correct calculation

Duplicate of #236
@github-actions github-actions bot closed this as completed Jun 5, 2023
@github-actions github-actions bot added High A valid High severity issue Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label labels Jun 5, 2023
@sherlock-admin sherlock-admin added the Reward A payout will be made for this issue label Jun 23, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label High A valid High severity issue Reward A payout will be made for this issue
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@sherlock-admin