093.md

juancito

medium

ethOracle is not defined in StableOracleDAI making getPriceUSD always revert

Summary

ethOracle is not defined in StableOracleDAI making getPriceUSD always revert, preventing minting tokens with DAI as collateral.

Vulnerability Detail

The ethOracle is not defined:

    ethOracle = IStableOracle(0x0000000000000000000000000000000000000000); // TODO: WETH oracle price

Link to code

It tries to use it when calculating the usd price, so it will always revert:

    uint256 wethPriceUSD = ethOracle.getPriceUSD();

Link to code

The price is used when trying to mint USSD tokens on the USSD contract. So, it is impossible to use this oracle for that purpose.

Impact

StableOracleDAI::getPriceUSD() will always revert.

It will not be possible to mint USSD tokens with DAI as collateral, due to the getPriceUSD function reverting when trying to do it.

Code Snippet

• https://github.com/sherlock-audit/2023-05-USSD/blob/main/ussd-contracts/contracts/oracles/StableOracleDAI.sol#L30
• https://github.com/sherlock-audit/2023-05-USSD/blob/main/ussd-contracts/contracts/oracles/StableOracleDAI.sol#L44

Tool used

Manual Review

Recommendation

Allow the constructor to receive the address of the expected oracle, like it is implemented in StableOracleWBGL.sol:

-   constructor() {
+   constructor(address _WETHoracle) {
+       ethOracle = IStableOracle(_WETHoracle);