Platform: Code4rena
Start Date: 07/03/2024
Pot Size: $63,000 USDC
Total HM: 20
Participants: 36
Period: 5 days
Judge: cccz
Total Solo HM: 11
Id: 349
League: BLAST
Rank: 34/36
Findings: 1
Award: $15.33
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: ether_sky
Also found by: 0x11singh99, 0xE1, 0xJaeger, Bauchibred, Bigsam, Bozho, Breeje, DarkTower, HChang26, SpicyMeatball, Trust, ZanyBonzy, albahaca, bareli, blutorque, grearlake, hals, hassan-truscova, hihen, oualidpro, pfapostol, ravikiranweb3, slvDev, zhaojie
15.328 USDC - $15.33
Tokens with decimals greater than 18 cannot be processed.
MagicLpAggregator
The constructor reads the decimals of the base token and the quote token:
constructor(IMagicLP pair_, IAggregator baseOracle_, IAggregator quoteOracle_) {
    pair = pair_;
    baseOracle = baseOracle_;
    quoteOracle = quoteOracle_;
    baseDecimals = IERC20Metadata(pair_._BASE_TOKEN_()).decimals();
    quoteDecimals = IERC20Metadata(pair_._QUOTE_TOKEN_()).decimals();
}
In the latestAnswer function, WAD - xx.decimals is used as the exponent when scaling the oracle answers and the reserves:
function latestAnswer() public view override returns (int256) {
@>  uint256 baseAnswerNomalized = uint256(baseOracle.latestAnswer()) * (10 ** (WAD - baseOracle.decimals()));
@>  uint256 quoteAnswerNormalized = uint256(quoteOracle.latestAnswer()) * (10 ** (WAD - quoteOracle.decimals()));
    uint256 minAnswer = baseAnswerNomalized < quoteAnswerNormalized ? baseAnswerNomalized : quoteAnswerNormalized;

    (uint256 baseReserve, uint256 quoteReserve) = _getReserves();
@>  baseReserve = baseReserve * (10 ** (WAD - baseDecimals));
@>  quoteReserve = quoteReserve * (10 ** (WAD - quoteDecimals));
    return int256(minAnswer * (baseReserve + quoteReserve) / pair.totalSupply());
}
WAD is a value of type uint256, equal to 18:
uint256 public constant WAD = 18;
Therefore, if token.decimals is greater than 18, WAD - token.decimals would be negative. Values of type uint cannot be negative, so the subtraction underflows and the call reverts.
As a result, MagicLpAggregator will not be able to handle tokens with decimals greater than 18.
vscode, manual
Consider the case where decimals are greater than 18
Decimal
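One way to handle the greater-than-18 case that the recommendation asks for, shown next to the unguarded pattern from latestAnswer. This is an added example, not code from the audited project or from the report; DecimalScaler, ScalerHarness and their function names are hypothetical, and it assumes Solidity 0.8 or later, where arithmetic is checked by default.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example: DecimalScaler and ScalerHarness are hypothetical names,
// not part of the audited code base.
library DecimalScaler {
    uint8 internal constant WAD_DECIMALS = 18;

    // Pattern from the finding: reverts with Panic(0x11) when decimals > 18,
    // because the uint8 subtraction underflows under checked arithmetic.
    function scaleUpOnly(uint256 amount, uint8 decimals) internal pure returns (uint256) {
        return amount * (10 ** (WAD_DECIMALS - decimals));
    }

    // Normalizes an amount to 18 decimals in either direction.
    function scaleToWad(uint256 amount, uint8 decimals) internal pure returns (uint256) {
        if (decimals <= WAD_DECIMALS) {
            return amount * (10 ** (WAD_DECIMALS - decimals));
        }
        uint8 excess = decimals - WAD_DECIMALS;
        // 10**78 does not fit in uint256, and any uint256 divided by it is 0.
        if (excess > 77) return 0;
        // Scaling down truncates toward zero, so digits below 1e-18 are lost.
        return amount / (10 ** excess);
    }
}

contract ScalerHarness {
    // 1 unit of a 6-decimal token (1e6) and 1 unit of a 24-decimal token (1e24)
    // both normalize to 1e18.
    function normalized(uint256 amount, uint8 decimals) external pure returns (uint256) {
        return DecimalScaler.scaleToWad(amount, decimals);
    }

    // Same inputs through the unguarded form; reverts for decimals > 18.
    function unguarded(uint256 amount, uint8 decimals) external pure returns (uint256) {
        return DecimalScaler.scaleUpOnly(amount, decimals);
    }
}
```

The same helper applies to the oracle decimals, since latestAnswer uses WAD - decimals for both the oracle answers and the reserves.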
#0 - c4-pre-sort
2024-03-15T12:59:27Z
141345 marked the issue as primary issue
#1 - c4-pre-sort
2024-03-15T12:59:39Z
141345 marked the issue as sufficient quality report
#2 - 0xm3rlin
2024-03-16T22:50:03Z
No factor
#3 - c4-sponsor
2024-03-28T17:10:53Z
0xCalibur (sponsor) disputed
#4 - c4-judge
2024-03-29T15:25:45Z
thereksfour marked the issue as satisfactory
#5 - c4-judge
2024-03-31T07:07:12Z
thereksfour marked the issue as selected for report
#6 - trust1995
2024-04-02T16:38:17Z
Hi,
The likelihood of a > 18 decimal token being used is minuscule. The team said they will use highly vetted tokens, which are all <=18 decimals. IMO it is an invalid speculation of future integration, as the only pair we know will be used is USDB/MIM. Furthermore, impact is that the function will always revert, and can always be redeployed after immediately noticing it does. So QA at most is appropriate.
#7 - thereksfour
2024-04-05T14:53:58Z
For weird-token-related issues, it will be considered M when there is a high impact; DOS is medium impact and will be considered QA.
#8 - c4-judge
2024-04-05T14:54:13Z
thereksfour changed the severity to QA (Quality Assurance)
#9 - c4-judge
2024-04-05T17:39:06Z
thereksfour marked the issue as not selected for report
#10 - c4-judge
2024-04-05T17:39:32Z
thereksfour marked the issue as grade-b