SamSteinGG
commented
2 years ago Duplicate #49
Closed code423n4 closed 2 years ago
SamSteinGG
commented
2 years ago Duplicate #49
alcueca
commented
2 years ago Duplicate of #18
Handle
pauliax
Vulnerability details
Impact
Reliance that Chainlink Oracle decimals is 8:
Hardcoded values make the code harder to maintain, you can easily miss this when later deciding to deploy the same contracts on other chains, etc.
It would make the code more robust if you do not hardcode such values but fetch them directly. The downside is increased gas costs so at least you can extract this 10**10 as a constant to improve the readability and eliminate the evaluation of not changing value over and over again.
You can check that Chainlink interface contains decimals function: https://github.com/smartcontractkit/chainlink/blob/develop/contracts/src/v0.8/interfaces/AggregatorV3Interface.sol
Recommended Mitigation Steps
To be honest, I think in practice It is very unlikely that these decimals will change but nevertheless wanted you to be informed about such a possibility.