Future Sage Ostrich - Chainlink Oracle would return wrong value of price due to improper scaling

[sherlock-admin2]

Future Sage Ostrich

Medium

Chainlink Oracle would return wrong value of price due to improper scaling

Summary

Chainlink Oracle would return wrong value of price due to improper scaling

Root Cause

https://github.com/sherlock-audit/2024-11-autonomint/blob/main/Blockchain/Blockchian/contracts/oracles/MasterPriceOracle.sol#L87

Internal pre-conditions

No response

External pre-conditions

No response

Attack Path

• When the chainId is 10 (Optimism), the oracle used is Chainlink.
• During fetching of price from Chainlink Oracle it would return more price than the current price which is ongoing.

function _price(
        address underlying
    ) internal view returns (uint128, uint128) {
        // if there is no oracles found revert
        if (oracles[underlying] == address(0))
            revert("Price oracle not found for this underlying token address.");

        // get oracles based on chain
        if(block.chainid == 31337 || block.chainid == 34443){ //?  31337 is used for testing
            // for we are using redstone oracles
            IRedstoneOracle oracle = IRedstoneOracle(oracles[underlying]);
            // updating the underlying to address supported by redstone, based on underlying type
            if (underlying == assetAddress[IBorrowing.AssetName.WeETH]) {
                underlying = 0x028227c4dd1e5419d11Bb6fa6e661920c519D4F5;
            } else if (underlying == assetAddress[IBorrowing.AssetName.WrsETH]) {
                underlying = 0x4186BFC76E2E237523CBC30FD220FE055156b41F;
            } else if (underlying == assetAddress[IBorrowing.AssetName.ETH]) {
                underlying = address(0);
            }

            // get the price of the underlying
            uint256 priceInUsd = oracle.priceOf(underlying);
            // get the eth price
            uint256 priceOfNativeInUsd = oracle.priceOfETH();
            // return the exchange rate of the underlying to the ETH and eth price
            return (uint128((priceInUsd * 1e18) / priceOfNativeInUsd), uint128(priceOfNativeInUsd / 1e16));
        } else if (block.chainid == 10) {
            AggregatorV3Interface oracle = AggregatorV3Interface(oracles[underlying]);

            // Get the eth price
            // @audit min/max answer not checked bug and check here for scaling issues
            (, int256 price_, , , ) = oracle.latestRoundData();
            // If the token is ETH
            if (underlying == assetAddress[IBorrowing.AssetName.ETH]) {
                // Return Exchange rate as 1 and ETH price with 2 decimals
    @>          return (1 ether, uint128((uint256(price_) / 1e6)));
            } else {
                (, uint128 ethPrice) = _price(assetAddress[IBorrowing.AssetName.ETH]);
                // Return Exchange rate and ETH price with 2 decimals
                return (uint128(uint256(price_)), ethPrice);
            }
        } else {
            return (0, 0);
        }
    }

• Lets take example of ETH/USD price feed , the value that oracle fetches is in 8 decimals
• But in the current codebase the price gets divided by 1e6 and not 1e8.
• Lets take real example of eth/usd feed , the current returns 332254000000 value
• Now when it divide it gives 332254$ but in actual it should return 3322$

Impact

Wrong value gets fetched from Chainlink oracle due to wrong scaling

PoC

No response

Mitigation

Should divide the price returned from Chainlink by 1e8