Platform: Code4rena
Start Date: 09/12/2022
Pot Size: $90,500 USDC
Total HM: 35
Participants: 84
Period: 7 days
Judge: GalloDaSballo
Total Solo HM: 12
Id: 192
League: ETH
Rank: 69/84
Findings: 1
Award: $13.76
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: yjrwkk
Also found by: 0x4non, 0xDecorativePineapple, 0xdeadbeef0x, Avci, Critical, Deivitto, Dinesh11G, Englave, Tointer, ak1, chaduke, izhelyazkov, pwnforce, rbserver, rvierdiiev, unforgiven
13.7578 USDC - $13.76
https://github.com/code-423n4/2022-12-tigris/blob/main/contracts/utils/TradingLibrary.sol#L115
This can result in broken code flow and unpredictable outcomes (e.g. an underflow will result in really high rates).
It is assumed that the maximum number of decimals for each token is 18
However uncommon, but it is possible to have tokens with more than 18 decimals, as an Example YAMv2 has 24 decimals.
This can result in broken code flow and unpredictable outcomes (e.g. an underflow will result with really high rates.
uint256 assetChainlinkPrice = uint256(assetChainlinkPriceInt) * 10**(18 - IPrice(_chainlinkFeed).decimals());
Manual code review
Make sure the code won’t fail in case the token’s decimals is more than 18.
#0 - GalloDaSballo
2022-12-19T00:25:43Z
Code is checked, underflow will cause a revert
#1 - GalloDaSballo
2022-12-19T00:25:55Z
Bulking as "Code doesn't work if greater than 18 decimals"
#2 - c4-judge
2022-12-20T15:43:15Z
GalloDaSballo marked the issue as duplicate of #533
#3 - c4-judge
2023-01-22T17:44:36Z
GalloDaSballo marked the issue as satisfactory
#4 - c4-judge
2023-01-22T17:44:43Z
GalloDaSballo changed the severity to 2 (Med Risk)