Platform: Code4rena
Start Date: 18/10/2023
Pot Size: $36,500 USDC
Total HM: 17
Participants: 77
Period: 7 days
Judge: MiloTruck
Total Solo HM: 5
Id: 297
League: ETH
Rank: 60/77
Findings: 1
Award: $26.07
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: 0xmystery
Also found by: 0x6d6164616e, 0xWaitress, 0xsurena, Tendency, ZanyBonzy, cryptothemex, hals, lsaudit, ni8mare, niki, phoenixV110, spark, tnquanghuy0512, twcctop
26.0735 USDC - $26.07
https://github.com/open-dollar/od-contracts/blob/f4f0246bb26277249c1d5afe6201d4d9096e52e6/src/contracts/oracles/UniV3Relayer.sol#L64
https://github.com/open-dollar/od-contracts/blob/f4f0246bb26277249c1d5afe6201d4d9096e52e6/src/contracts/oracles/CamelotRelayer.sol#L58
https://github.com/open-dollar/od-contracts/blob/f4f0246bb26277249c1d5afe6201d4d9096e52e6/src/contracts/oracles/ChainlinkRelayer.sol#L42
Open Dollar contracts implement price feed oracles such as UniV3Relayer and CamelotRelayer with the assumption that all _quoteToken tokens will have 18 or fewer decimals, so that the returned price will be converted to 18-decimal format correctly.
However, many tokens, such as YAM and NEAR, have 24 decimals. Thus, the UniV3Relayer and CamelotRelayer contracts will not be able to return an 18-decimal value for tokens with more than 18 decimals.
UniV3Relayer and CamelotRelayer compute a multiplier as follows, on lines 64 and 58 respectively:
multiplier = 18 - IERC20Metadata(_quoteToken).decimals();
If _quoteToken has more than 18 decimals, the above statement will cause an underflow and unexpected behavior of the code.
Manual Review
Include a check that sets multiplier to zero if _quoteToken has more than 18 decimals.
Oracle
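The subtraction pattern quoted above, next to a direction-aware alternative, as an added example that is not code from the finding or from the Open Dollar repository. It assumes a Solidity 0.8+ compiler; `IERC20Decimals`, `DecimalScaler`, `naiveMultiplier`, `scaleFactor` and `toWad` are hypothetical names, and scaling down (rather than setting the multiplier to zero as the finding recommends) goes beyond what the finding proposes.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added illustration only: every name in this file is hypothetical.
interface IERC20Decimals {
  function decimals() external view returns (uint8);
}

contract DecimalScaler {
  uint8 public constant TARGET_DECIMALS = 18;

  // The pattern from the finding. With checked arithmetic (Solidity >= 0.8)
  // this reverts with Panic(0x11) when decimals() > 18, so a relayer that
  // computes it in its constructor cannot be deployed for such a token.
  // Inside an `unchecked` block, or before 0.8, the value would wrap instead.
  function naiveMultiplier(address _quoteToken) external view returns (uint256) {
    return 18 - IERC20Decimals(_quoteToken).decimals();
  }

  // Returns the power of ten to apply and the direction to apply it in, so
  // neither branch ever subtracts a larger value from a smaller one.
  function scaleFactor(address _quoteToken) public view returns (uint256 _factor, bool _scaleUp) {
    uint8 _decimals = IERC20Decimals(_quoteToken).decimals();
    if (_decimals <= TARGET_DECIMALS) {
      // e.g. 6 decimals -> multiply by 1e12
      return (uint256(10) ** (TARGET_DECIMALS - _decimals), true);
    }
    // e.g. 24 decimals -> divide by 1e6. Reverts on overflow if the token
    // reports an absurd decimals() value (10 ** 78 does not fit in uint256).
    return (uint256(10) ** (_decimals - TARGET_DECIMALS), false);
  }

  // Converts a quote amount expressed in the token's own decimals to an
  // 18-decimal value. Division truncates, so amounts from tokens with more
  // than 18 decimals lose their lowest (decimals - 18) digits.
  function toWad(address _quoteToken, uint256 _quoteAmount) external view returns (uint256) {
    (uint256 _factor, bool _scaleUp) = scaleFactor(_quoteToken);
    return _scaleUp ? _quoteAmount * _factor : _quoteAmount / _factor;
  }
}
```

For a 24-decimal token, `naiveMultiplier` reverts while `toWad` divides the quote amount by 1e6; for an 18-decimal token both paths leave the amount unchanged.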
#0 - c4-pre-sort
2023-10-25T23:41:59Z
raymondfam marked the issue as sufficient quality report
#1 - c4-pre-sort
2023-10-25T23:42:08Z
raymondfam marked the issue as duplicate of #18
#2 - c4-pre-sort
2023-10-27T05:07:46Z
raymondfam marked the issue as duplicate of #323
#3 - c4-judge
2023-11-02T08:45:41Z
MiloTruck marked the issue as satisfactory