code-423n4 / 2022-10-inverse-findings


If a market with a collateral that has `feedDecimals + tokenDecimals > 36` is added it won’t be functional #562

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2022-10-inverse/blob/cc281e5800d5860c816138980f08b84225e430fe/src/Oracle.sol#L87

https://github.com/code-423n4/2022-10-inverse/blob/cc281e5800d5860c816138980f08b84225e430fe/src/Oracle.sol#L121

Vulnerability details

Proof of Concept

Chainlink price feeds usually have 18 decimals, but this is not guaranteed. Also tokens usually have 18 decimals or less but this is also not the case for 100% of widely used tokens (YAM-v2 has 24).

So the normal use case is when both the feed and the token have 18 decimals or less. There are three cases in which the following code will revert:

```solidity
uint8 decimals = 36 - feedDecimals - tokenDecimals;
```

  1. If we have feedDecimals to be 18, but tokenDecimals to be >18
  2. If we have tokenDecimals to be 18, but feedDecimals to be >18
  3. If there is some other combination that tokenDecimals + feedDecimals > 36

If any of these cases applies, then the `viewPrice()` and `getPrice()` functions in Oracle.sol will always revert because of the uint underflow, resulting in all of the protocol functions being in a DoS state.

Impact

The impact is 100% malfunctioning of the protocol, but it will happen only under some Market collateral circumstances, hence the Medium severity.

Recommendation

When adding a new token and price feed in Oracle.sol, add a require statement that makes sure `tokenDecimals + feedDecimals <= 36`.
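The failing subtraction and the recommended registration-time check, side by side, as an added Solidity example that is not part of the original report or the project's code. The interface `IFeedLike`, the contract and function names, and the pragma version are assumptions for illustration; only the `uint8 decimals = 36 - feedDecimals - tokenDecimals;` line comes from the report.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13; // assumed version; checked arithmetic applies from 0.8.0

// Hypothetical minimal feed interface for this example (not the project's interface).
interface IFeedLike {
    function decimals() external view returns (uint8);
    function latestAnswer() external view returns (uint256);
}

// Illustrative contract. Access control on the setters is omitted for brevity.
contract DecimalsGuardExample {
    struct FeedData {
        IFeedLike feed;
        uint8 tokenDecimals;
    }

    mapping(address => FeedData) public feeds;

    // Unguarded registration: any decimals combination is accepted, so a bad
    // pair is only discovered later, when every price read reverts.
    function setFeedUnchecked(address token, IFeedLike feed, uint8 tokenDecimals) external {
        feeds[token] = FeedData(feed, tokenDecimals);
    }

    // Guarded registration: reject combinations the normalization cannot handle.
    function setFeedChecked(address token, IFeedLike feed, uint8 tokenDecimals) external {
        // Widen to uint256 so the sum itself cannot overflow uint8.
        uint256 sum = uint256(feed.decimals()) + uint256(tokenDecimals);
        require(sum <= 36, "feedDecimals + tokenDecimals > 36");
        feeds[token] = FeedData(feed, tokenDecimals);
    }

    // Normalization using the line quoted in the report. With checked arithmetic
    // the subtraction reverts with Panic(0x11) whenever
    // feedDecimals + tokenDecimals > 36, e.g. an 18-decimal feed paired with a
    // 24-decimal token: 36 - 18 = 18, then 18 - 24 underflows.
    function normalizedPrice(address token) external view returns (uint256) {
        FeedData memory data = feeds[token];
        uint8 feedDecimals = data.feed.decimals();
        uint8 tokenDecimals = data.tokenDecimals;
        uint8 decimals = 36 - feedDecimals - tokenDecimals;
        // A literal base with a non-literal exponent is evaluated as uint256.
        return data.feed.latestAnswer() * (10 ** decimals);
    }
}
```

Because a feed contract can report a different `decimals()` after registration (for example behind a proxy), the registration check narrows the failure window but the read path can still revert if that value later changes.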

c4-judge commented 1 year ago

0xean marked the issue as duplicate

c4-judge commented 1 year ago

0xean marked the issue as not a duplicate

c4-judge commented 1 year ago

0xean marked the issue as duplicate of #526

c4-judge commented 1 year ago

0xean marked the issue as not a duplicate

c4-judge commented 1 year ago

0xean marked the issue as duplicate of #540

Simon-Busch commented 1 year ago

Issue marked as satisfactory as requested by 0xean

c4-judge commented 1 year ago

Simon-Busch marked the issue as duplicate of #533