Cyfrin / 2023-07-foundry-defi-stablecoin

Possible break of the whole protocol #1109

Open codehawks-bot opened 1 year ago

codehawks-bot commented 1 year ago

Possible break of the whole protocol

Severity

Medium Risk

Summary

getUsdValue() could return fully improper values.

Vulnerability Details

getUsdValue(), which is used to calculate the collateral value, considers that there are only Chainlink price feeds with 8 decimals for the returned value. However, this could differ, which will cause, e.g. in the case of 18 decimals, a much higher collateral value to be returned than expected and, therefore, many more stablecoins will be possible to mint.

Impact

Break of the whole protocol.

Tools Used

Manually

Recommendations

Get the decimals number from the price feed data.
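
One way to apply the recommendation above, as an added example that is not part of the original report or the project's code: the library name `FeedDecimals`, its functions and its error are hypothetical, and it assumes an 18-decimal collateral token and an 18-decimal USD result. It reads `decimals()` from the feed instead of assuming 8, so an 18-decimal answer is no longer over-scaled by a factor of 10^10.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

// Minimal subset of Chainlink's AggregatorV3Interface, declared inline
// so the example compiles on its own.
interface AggregatorV3Interface {
    function decimals() external view returns (uint8);
    function latestRoundData()
        external
        view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

// Hypothetical helper library: names and layout are assumptions for illustration.
library FeedDecimals {
    uint256 private constant TARGET_DECIMALS = 18; // assumed precision of USD values
    uint256 private constant PRECISION = 1e18;     // assumed 18-decimal collateral token

    error FeedDecimals__NonPositivePrice();

    // Scale the feed answer to 18 decimals using the feed's own decimals(),
    // rather than a fixed multiplier that is only correct for 8-decimal feeds.
    function normalizedPrice(AggregatorV3Interface feed) internal view returns (uint256) {
        (, int256 answer,,,) = feed.latestRoundData();
        // A zero or negative answer cannot be cast to a meaningful uint256 price.
        if (answer <= 0) revert FeedDecimals__NonPositivePrice();

        uint256 price = uint256(answer);
        uint256 feedDecimals = feed.decimals();

        if (feedDecimals < TARGET_DECIMALS) {
            // e.g. 8 decimals: multiply by 1e10
            return price * 10 ** (TARGET_DECIMALS - feedDecimals);
        }
        // 18 decimals divides by 1; feeds with more than 18 decimals are scaled down.
        return price / 10 ** (feedDecimals - TARGET_DECIMALS);
    }

    // USD value (18 decimals) of `amount` of an 18-decimal collateral token.
    function usdValue(AggregatorV3Interface feed, uint256 amount) internal view returns (uint256) {
        return (normalizedPrice(feed) * amount) / PRECISION;
    }
}
```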