Unsafe type casting of _Price can malfunction the whole market
Summary
Unsafe type casting of _Price can malfunction the whole market
Vulnerability Detail
In contract OracleModule.sol, at line 141, we can see that the function _getOnchainPrice() does an unsafe type cast when converting the _price returned by the Chainlink oracle into uint256:
price = uint256(_price) * (10 ** 10); // convert Chainlink oracle decimals 8 -> 18
If the _price returned is negative, which can happen, the unsafe type cast from int256 to uint256 will result in a huge number close to 2**255, and the subsequent multiplication by 10 ** 10 will revert due to overflow.
Avci
medium
Impact
The oracle will revert. This issue is also possible in both oracles, because both can return a negative price; see https://stackoverflow.com/questions/67094903/anybody-knows-why-chainlinks-pricefeed-return-price-value-with-int-type-while for an example.
Code Snippet
https://github.com/sherlock-audit/2023-12-flatmoney/blob/bba4f077a64f43fbd565f8983388d0e985cb85db/flatcoin-v1/src/OracleModule.sol#L141-L158
Tool used
Manual Review
Recommendation
Use SafeCast when casting int256 to uint256.
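The following is an added illustration of the vulnerable cast described in the Vulnerability Detail section and of the SafeCast recommendation; it is not code from the audited OracleModule.sol or the Flatmoney project. The contract name PriceScalingExample, the function names, the custom error, and the assumption of an 8-decimal Chainlink feed are all hypothetical, and the Chainlink interface is declared inline rather than imported. It uses OpenZeppelin's SafeCast.toUint256, which reverts when the value is negative.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {SafeCast} from "@openzeppelin/contracts/utils/math/SafeCast.sol";

// Minimal Chainlink aggregator interface, declared inline for this example.
// Note that `answer` is an int256: a feed can legitimately return a negative value.
interface AggregatorV3Interface {
    function latestRoundData()
        external
        view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

/// Hypothetical module (not the audited OracleModule.sol) that reads a Chainlink
/// feed and scales its assumed 8-decimal answer to 18 decimals.
contract PriceScalingExample {
    using SafeCast for int256;

    AggregatorV3Interface public immutable feed; // assumed to be an 8-decimal feed

    error NonPositiveOraclePrice(int256 answer);

    constructor(AggregatorV3Interface _feed) {
        feed = _feed;
    }

    /// Vulnerable pattern, mirroring the report: an unchecked int256 -> uint256 cast.
    /// For any negative answer, uint256(answer) is at least 2**255, so multiplying
    /// by 1e10 overflows and the call reverts with a bare Panic(0x11) that tells
    /// callers nothing about the feed having returned a negative value.
    function getPriceUnsafe() external view returns (uint256 price) {
        (, int256 answer, , , ) = feed.latestRoundData();
        price = uint256(answer) * (10 ** 10); // convert Chainlink oracle decimals 8 -> 18
    }

    /// Hardened pattern following the report's recommendation: SafeCast.toUint256
    /// reverts with a descriptive SafeCast error when the value is negative, so a
    /// negative feed answer is rejected before any arithmetic is attempted.
    function getPriceSafeCast() external view returns (uint256 price) {
        (, int256 answer, , , ) = feed.latestRoundData();
        price = answer.toUint256() * (10 ** 10); // convert Chainlink oracle decimals 8 -> 18
    }

    /// Equivalent explicit check with a custom error. A zero price is rejected as
    /// well, and callers can catch this specific error to fall back to a second
    /// oracle instead of treating it like any other revert.
    function getPriceChecked() external view returns (uint256 price) {
        (, int256 answer, , , ) = feed.latestRoundData();
        if (answer <= 0) revert NonPositiveOraclePrice(answer);
        price = uint256(answer) * (10 ** 10); // convert Chainlink oracle decimals 8 -> 18
    }
}
```

Both hardened variants still revert on a negative answer; the difference from the vulnerable version is that the revert happens at the cast with a reason the caller can recognise and handle, rather than as an arithmetic overflow panic several steps later.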