15,000 USDC
View results
Submission Details
Severity: high
Valid

Tokens other than 18 decimals can not be used as collateral

Summary

User using tokens other than 18 decimals can have severe malfunctioning.

Vulnerability Details

Considering that the smart contract can be used with any ERC20 token as collateral, it does not implement the same. The smart contract uses the PRECISION = 1e18 as a multiplier to calculate token amount and its usd amount. But if the smart contract is to work with all ERC20 tokens whose price feed is supported by Chainlink then it fails.

Impact

If users attempt to use tokens that have decimals other than 18 as collateral, the smart contract will miscalculate the token's value and its equivalent in USD. This can lead to a number of problems:

  1. Overvaluation or undervaluation of collateral

  2. Market manipulation

  3. Contract Failure

Tools Used

  1. VS Code

  2. Manual Analysis

  3. Hardhat

Recommendations

Dynamic Mechanism

Consider taking the decimals of each collateral token as an array in constructor and then multiply that particular precision value to calculate its amount and usd value.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.