T1MOH - StableOracleDAI values DAI at $2

[sherlock-admin]

T1MOH

high

StableOracleDAI values DAI at $2

Summary

Price from Chainlink DAI/ETH is in terms of ETH, i.e. returns how much ETH costs 1 DAI. But protocol assumes it returns how much DAI costs 1 ETH, resulting in broken math.

Vulnerability Detail

This vulnerability is close to using 8 decimals instead of 18 for priceFeedDAIETH oracle, but is distinct because it uses price from oracle in wrong way. Protocol uses this oracle:

    constructor() {
        priceFeedDAIETH = AggregatorV3Interface(
            0x773616E4d11A78F511299002da57A0a94577F1f4
        );

But oracle returns 1 DAI = 0.00055 ETH

It results in wrong formula accounting (suppose 1 ETH = 1820 DAI):

        // (1820e18 * 1e18) / ((1820e18 + 0.00055e18) / 2) = 2e18
        return
            (wethPriceUSD * 1e18) /
            ((DAIWethPrice + uint256(price) * 1e10) / 2);

Impact

It will overvalue DAI as collateral, resulting in undercollateralisation of protocol.

Code Snippet

https://github.com/sherlock-audit/2023-05-USSD/blob/main/ussd-contracts/contracts/oracles/StableOracleDAI.sol#L50-L52
https://github.com/sherlock-audit/2023-05-USSD/blob/main/ussd-contracts/contracts/oracles/StableOracleDAI.sol#L24-L26

Tool used

Manual Review

Recommendation

1. You can just use Chainlink DAI/USD oracle
2. Or convert value from DAI/ETH to ETH/DAI, but I'm not sure about rounding issue:

        (, int256 priceDaiEth, , , ) = priceFeedDAIETH.latestRoundData();
        // (1e8 / priceDaiEth) ---- means how much times of 1 DAI to take to get 1 ETH
        // 1e18 * (...) ---- multiplies price to 18 decimals
        uint256 priceEthDai = 1e18 * (1e8 / priceDaiEth);

        return
            (wethPriceUSD * 1e18) /
            ((DAIWethPrice + priceEthDai) / 2);

Duplicate of #236