Platform: Code4rena
Start Date: 07/04/2023
Pot Size: $47,000 USDC
Total HM: 20
Participants: 120
Period: 6 days
Judge: GalloDaSballo
Total Solo HM: 4
Id: 230
League: ETH
Rank: 113/120
Findings: 1
Award: $5.98
🌟 Selected for report: 0
🚀 Solo Findings: 0
5.9827 USDC - $5.98
PrivatePool.change does a call to changeFeeQuote() to calculate the fee amount.
It computes an exponent as ERC20(baseToken).decimals() - 4
File: src/PrivatePool.sol 731: function changeFeeQuote(uint256 inputAmount) public view returns (uint256 feeAmount, uint256 protocolFeeAmount) { 732: // multiply the changeFee to get the fee per NFT (4 decimals of accuracy) 733: uint256 exponent = baseToken == address(0) ? 18 - 4 : ERC20(baseToken).decimals() - 4;
This will revert for tokens with decimals less than 4.
EURS is an example of such token, as it has 2 decimals.
The change function is not available for pools with a baseToken with less than 4 decimals. This means reduced functionality available for such pools.
Manual Analysis
Either change the changeFeeQuote() functionality to work with tokens with less than 4 decimals, or ensure there is a check in Factory to prevent the creation of pools with a _baseToken with less than 4 decimals
#0 - c4-pre-sort
2023-04-20T15:23:03Z
0xSorryNotSorry marked the issue as duplicate of #858
#1 - c4-judge
2023-05-01T07:14:08Z
GalloDaSballo marked the issue as satisfactory