Closed sherlock-admin closed 8 months ago
1 comment(s) were left on this issue during the judging contest.
auditsea commented:
Literally, price can not be zero
1 comment(s) were left on this issue during the judging contest.
auditsea commented:
Literally, price can not be zero
Invalid, price can never be zero, since answer
is checked to be greater than zero here. There can be potential precision loss, but this issue fails to prove that.
Varun_05
medium
Price should be checked after it has been reduced to e6 precision
Summary
After reducing the price to e6 the price value might become zero .
Vulnerability Detail
Following is the code where price is reduced to e6 precision
So there may be a case when the answer value that is returned by the chainlink feed address is too low as compared to the price feed decimals due to which even if the answer is multiplied with e6 if results zero then the price of collateral can be set to zero
Impact
If the price is set to zero then in the following function where it is used can cause erroneous calculation
Code Snippet
https://github.com/sherlock-audit/2023-12-ubiquity/blob/d9c39e8dfd5601e7e8db2e4b3390e7d8dff42a8e/ubiquity-dollar/packages/contracts/src/dollar/libraries/LibUbiquityPool.sol#L284 https://github.com/sherlock-audit/2023-12-ubiquity/blob/d9c39e8dfd5601e7e8db2e4b3390e7d8dff42a8e/ubiquity-dollar/packages/contracts/src/dollar/libraries/LibUbiquityPool.sol#L247
Tool used
Manual Review
Recommendation
Add the following