KingNFT - ````keeperFee```` may be Insufficient due to implicit assumption of ````DSU```` price

[sherlock-admin]

KingNFT

medium

keeperFee may be Insufficient due to implicit assumption of DSU price

Summary

There is an implicit assumption of DSU price to be $1 USD while calculating keeperFee. Though DSU is 1:1 backed by USDC, but USDC itself is not strictly worth $1. Actually, just a few months ago, there was a significant depegging between USDC and USD. Hence, pay of keeperFee may be insufficient while depegging occurs. Keepers would get no enough premium or even lead to loss.

Vulnerability Detail

First, let's look at L46~50, the calculation result is keeperFee amount of USD. Then, we look at L54, keeperFee amount of DSU is sent to keeper with implicit assumption of 1 USD = 1 DSU. But, if DSU depegs, then 1 USD > 1 DSU, keepers receive insufficient fee.

File: root\contracts\attribute\Kept.sol
40:     modifier keep(UFixed18 multiplier, uint256 buffer, bytes memory data) {
41:         uint256 startGas = gasleft();
42: 
43:         _;
44: 
45:         uint256 gasUsed = startGas - gasleft();
46:         UFixed18 keeperFee = UFixed18Lib.from(gasUsed)
47:             .mul(multiplier)
48:             .add(UFixed18Lib.from(buffer))
49:             .mul(_etherPrice())
50:             .mul(UFixed18.wrap(block.basefee));
51: 
52:         _raiseKeeperFee(keeperFee, data);
53: 
54:         keeperToken().push(msg.sender, keeperFee);
55: 
56:         emit KeeperCall(msg.sender, gasUsed, multiplier, buffer, keeperFee);
57:     }

Impact

Keepers would get no enough premium or even lead to loss while depeg occurs.

Code Snippet

https://github.com/sherlock-audit/2023-07-perennial/blob/main/root/contracts/attribute/Kept.sol#L54

Tool used

Manual Review

Recommendation

Using chainlink USDC/USD feed to calculate accurate DSU amount.

https://data.chain.link/ethereum/mainnet/stablecoins/usdc-usd

[sherlock-admin]

1 comment(s) were left on this issue during the judging contest.

141345 commented:

l