Closed code423n4 closed 12 months ago
bytes032 marked the issue as duplicate of #549
bytes032 marked the issue as sufficient quality report
GalloDaSballo marked the issue as satisfactory
GalloDaSballo changed the severity to 2 (Med Risk)
GalloDaSballo changed the severity to 3 (High Risk)
Lines of code
https://github.com/code-423n4/2023-08-dopex/blob/eb4d4a201b3a75dd4bddc74a34e9c42c71d0d12f/contracts/core/RdpxV2Core.sol#L1240-L1241
Vulnerability details
Impact
The core contract expects the price oracle to return 1e8 precision, but it's actually 1e18. This will cause heavily incorrect results from all usages of the price.
Proof of Concept
The RdpxV2Core.getRdpxPrice function is meant to return 1e8 precision:
It can be seen that the value of IRdpxEthOracle is returned unchanged. Now looking at the implementation of RdpxEthOracle.getRdpxPriceInEth:
As can be seen, the precision is 1e18.
Tools Used
Manual Review
Recommended Mitigation Steps
Divide the result from getRdpxPriceInEth by 1e10 to get 1e8 precision
Assessed type
Other
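The precision mismatch and the recommended division by 1e10, shown as an added example that is not code from the report or from the Dopex repository. The contract names, the sample price and the downstream valueInEth formula are all hypothetical and only illustrate how a 1e18 value read as 1e8 inflates results by a factor of 1e10.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added example: every name below is hypothetical, not from the Dopex code base.
interface IPriceOracle18 {
    // Assumed to return the token price in ETH with 1e18 precision.
    function getPriceInEth() external view returns (uint256);
}

contract MockOracle18 is IPriceOracle18 {
    // Constructed sample value: 0.02 ETH per token at 1e18 precision.
    function getPriceInEth() external pure returns (uint256) {
        return 2e16;
    }
}

contract PriceConsumer {
    uint256 private constant ORACLE_PRECISION = 1e18;
    uint256 private constant CORE_PRECISION = 1e8;
    // 1e18 / 1e8 = 1e10, the divisor named in the mitigation.
    uint256 private constant SCALE_DOWN = ORACLE_PRECISION / CORE_PRECISION;

    IPriceOracle18 public immutable oracle;

    constructor(IPriceOracle18 _oracle) {
        oracle = _oracle;
    }

    // Before: the 1e18 value is handed on as if it were 1e8.
    function priceUnscaled() public view returns (uint256) {
        return oracle.getPriceInEth(); // 2e16, read downstream as 2e8 ETH
    }

    // After: normalised to 1e8 at the boundary.
    function priceScaled() public view returns (uint256) {
        return oracle.getPriceInEth() / SCALE_DOWN; // 2e6 = 0.02 at 1e8
    }

    // Hypothetical downstream formula that assumes a 1e8 price:
    // ETH value in wei of `amount` tokens (18 decimals).
    function valueInEth(uint256 amount, uint256 price1e8) public pure returns (uint256) {
        return (amount * price1e8) / CORE_PRECISION;
    }

    // Returns (wrong, right) for the same amount; wrong is 1e10 times too large.
    function compare(uint256 amount) external view returns (uint256 wrong, uint256 right) {
        wrong = valueInEth(amount, priceUnscaled());
        right = valueInEth(amount, priceScaled());
    }
}
```

With the sample price, compare(1e18) returns 2e26 wei for the unscaled path and 2e16 wei for the scaled one. The integer division truncates any price digits below 1e-8, which callers of the scaled value should account for.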