Kose
high
Code from StableOracleWETH.sol is used without any change in StableOracleWBTC.sol hence StableOracleWBTC.sol is actually returns price value of WETH. If user mint USSD using WBTC, it's value will be calculated as if it's WETH and user will get much less amount of USSD hence will lose funds.
StableOracleWBTC.sol#L12-L26 and StableOracleWETH.sol#L12-L26 are completely same and consist of :
contract StableOracleWBTC is IStableOracle {
AggregatorV3Interface priceFeed;
constructor() {
priceFeed = AggregatorV3Interface(
0x5f4eC3Df9cbd43714FE2740f5E3616155c5b8419
);
}
function getPriceUSD() external view override returns (uint256) {
//(uint80 roundID, int256 price, uint256 startedAt, uint256 timeStamp, uint80 answeredInRound) = priceFeed.latestRoundData();
(, int256 price, , , ) = priceFeed.latestRoundData();
// chainlink price data is 8 decimals for WETH/USD
return uint256(price) * 1e10;
}Address used for priceFeed is correspond to Chainlink ETH/USD Price Feed, hence if user tries to use WBTC for minting USSD, calculations will be done based on ETH/USD price and user will receive BTC/ETH (14.84 at the moment) times less amount of USSD coin.
User will lose significant amount of funds.
Manual Review
Implement correct oracle for WBTC.