Cyfrin / 2023-07-foundry-defi-stablecoin


Rounding error vulnerability, which will cause getUsdValue() to be zero, which will affect/distort the balance of getAccountCollateralValue()'s return value totalCollateralValueInUsd. #1119

Closed codehawks-bot closed 1 year ago

codehawks-bot commented 1 year ago

Rounding error vulnerability, which will cause getUsdValue() to be zero, which will affect/distort the balance of getAccountCollateralValue()'s return value totalCollateralValueInUsd.

Severity

Medium Risk

Relevant GitHub Links

https://github.com/Cyfrin/foundry-defi-stablecoin-codehawks/blob/c573394cf3f21f73ef974388138193609f432c7f/src/DSCEngine.sol#L366

Summary

There is a rounding error vulnerability here, which will cause getUsdValue() to be zero, which will affect/distort the balance of getAccountCollateralValue()'s return value totalCollateralValueInUsd.

Vulnerability Details

PoC:

```solidity
return ((uint256(price) * ADDITIONAL_FEED_PRECISION) * amount) / PRECISION;
```

For:

- price = 1000
- ADDITIONAL_FEED_PRECISION = 1e10
- amount = 100
- PRECISION = 1e18

((uint256(1000) * 1e10) * 100) / 1e18 = (1000 * 1e10 * 100) / 1e18 = 0.001 = 0 (after rounding)

Impact

Affects accuracy of _getAccountInformation return value, on which several other functions depend.

Tools Used

VSC, manual

Recommendations
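The truncation the report describes can be reproduced and bounded offline with a small model of the integer arithmetic. The block below is an added example, not code from the issue or from the DSCEngine repository: it mirrors the uint256 expression in pure Python (floor division, overflow check), reproduces the report's numbers, and computes the smallest amount at which the result stops truncating to zero. The constant values 1e10 and 1e18 are taken from the report; the comment that 1e10 compensates for an 8-decimal price feed is an assumption about the feed, and the function and variable names are the example's own.

```python
# Added example (not from the issue or the DSCEngine repo): a pure-Python model of the
# integer arithmetic in getUsdValue() so the truncation can be reproduced offline.
# Constant values come from the report; the 8-decimal-feed remark is an assumption.

ADDITIONAL_FEED_PRECISION = 10**10  # assumed: scales an 8-decimal feed price up to 18 decimals
PRECISION = 10**18                  # 18-decimal fixed point used by the engine
UINT256_MAX = 2**256 - 1


def get_usd_value(price: int, amount: int) -> int:
    """Mirror of `((uint256(price) * ADDITIONAL_FEED_PRECISION) * amount) / PRECISION`
    with uint256 semantics: the product is checked against 2**256-1 (Solidity 0.8
    reverts on overflow) and the final division floors, which is the truncation
    the report points at."""
    if price < 0 or amount < 0:
        raise ValueError("uint256 inputs cannot be negative")
    numerator = price * ADDITIONAL_FEED_PRECISION * amount
    if numerator > UINT256_MAX:
        raise OverflowError("Solidity 0.8 would revert here")
    return numerator // PRECISION  # integer division drops the fractional part


def truncation_loss(price: int, amount: int) -> int:
    """Value discarded by the floor division, in 1e-18 USD units
    (the remainder of the same division getUsdValue() performs)."""
    return (price * ADDITIONAL_FEED_PRECISION * amount) % PRECISION


def min_amount_for_nonzero_value(price: int) -> int:
    """Smallest `amount` (in token base units) for which get_usd_value() returns at
    least 1, i.e. ceil(PRECISION / (price * ADDITIONAL_FEED_PRECISION)). Every amount
    below this threshold is valued at exactly zero."""
    scaled_price = price * ADDITIONAL_FEED_PRECISION
    if scaled_price == 0:
        raise ValueError("a zero price values every amount at zero")
    return -(-PRECISION // scaled_price)  # ceiling division without floats


def account_collateral_value(positions) -> int:
    """Model of getAccountCollateralValue(): each (price, amount) position is valued
    and truncated separately, then summed, so per-token losses never cancel out."""
    return sum(get_usd_value(price, amount) for price, amount in positions)


if __name__ == "__main__":
    # The report's numbers: 1000 * 1e10 * 100 = 1e15, and 1e15 // 1e18 == 0.
    print("report case:", get_usd_value(1000, 100), "lost:", truncation_loss(1000, 100))
    # Threshold below which this price always yields zero.
    print("min nonzero amount at price 1000:", min_amount_for_nonzero_value(1000))
    # Two such positions still sum to zero because each is truncated first.
    print("two positions:", account_collateral_value([(1000, 100), (1000, 100)]))
    # Constructed sanity case: a $2000 8-decimal price and 1e18 base units -> 2000e18.
    print("2000e8 price, 1e18 units:", get_usd_value(2000 * 10**8, 10**18))
```

Running the block prints 0 for the report's inputs with 1e15 units of value discarded, a threshold of 100000 base units at price 1000, and 0 for two such positions summed, which is the per-token truncation that feeds into totalCollateralValueInUsd. The last line shows the same arithmetic behaving as intended once the inputs are on the scale the constants expect.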