ethOracle in StableOracleDAI.sol uses the 0 address for Weth/USD oracle

Summary

ethOracle in StableOracleDAI.sol uses the 0 address for Weth/USD oracle.

Vulnerability Detail

The ETH/USD oracle is currently set as 0x0. The ETH/USD chainlink oracle is 0x5f4ec3df9cbd43714fe2740f5e3616155c5b8419.

        );
        ethOracle = IStableOracle(0x0000000000000000000000000000000000000000); // TODO: WETH oracle price
    }

Impact

ethOracle will return not return the proper ETH/USD value.

Code Snippet

https://github.com/sherlock-audit/2023-05-USSD/blob/main/ussd-contracts/contracts/oracles/StableOracleDAI.sol#L29-L31

Tool used

Manual Review

Recommendation

Use the ETH/USD oracle: 0x5f4ec3df9cbd43714fe2740f5e3616155c5b8419

Alternatively, can set the contract address in the constructor parameter like how it is done in StableOracleWBGL.sol.

    constructor(address _WETHoracle) {
        staticOracleUniV3 = IStaticOracle(
            0x982152A6C7f732Ec7C9EA998dDD9Ebde00Dfa16e
        );
        ethOracle = IStableOracle(_WETHoracle);
    }

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

089.md

089.md

ethOracle in StableOracleDAI.sol uses the 0 address for Weth/USD oracle

Summary

Vulnerability Detail

Impact

Code Snippet

Tool used

Recommendation

Files

089.md

Latest commit

History

089.md

File metadata and controls

ethOracle in StableOracleDAI.sol uses the 0 address for Weth/USD oracle

Summary

Vulnerability Detail

Impact

Code Snippet

Tool used

Recommendation