The contract does not explicitly restrict the decimal precision for ERC20 tokens used as collateral. This lack of precision control may introduce unexpected behavior and potential discrepancies in the collateral calculation, as ERC20 tokens can have varying decimal precision.
The vulnerability stems from the contract not controlling the decimal precision of ERC20 tokens used as collateral, which affects the computation and use of the collateral ratio whenever a token deviates from the assumed 6 decimals. If a collateral token has more decimals, users might appear significantly more collateralized than they actually are, potentially enabling them to withdraw more collateral than intended. Conversely, if the collateral token has fewer decimals, users may appear less collateralized, putting them in a liquidatable position prematurely.
The impact also extends to reward distribution, which may be hindered when the collateral token uses more than 6 decimals. Inaccurate collateral calculations pose a substantial risk: users can exploit the system and withdraw excessive collateral, or face premature liquidation, which undermines the contract's integrity and stability.
Manual
Enforce strict validation checks during token interactions to safeguard against potential issues arising from variations in decimal precision.
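One way to implement such a check, as an added sketch that is not code from the audited contract: the token's decimals are read once at listing time, out-of-range tokens are rejected, and raw amounts are converted to the assumed 6-decimal accounting unit before any ratio math. The contract name, function names, error names and the 18-decimal upper bound are assumptions, and access control on listing is omitted.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// decimals() is optional in ERC20, so the call may revert on some tokens.
interface IERC20Decimals {
    function decimals() external view returns (uint8);
}

/// Hypothetical helper for illustration; every name here is an assumption.
contract CollateralDecimalsGuard {
    uint8 public constant ACCOUNTING_DECIMALS = 6; // precision the finding says is assumed
    uint8 public constant MAX_TOKEN_DECIMALS = 18; // assumed upper bound, not from the page

    error DecimalsUnavailable(address token);
    error UnsupportedDecimals(address token, uint8 decimals);
    error NotRegistered(address token);
    error DustAmount(uint256 amount);

    // token => cached decimals + 1, so that 0 means "not registered"
    mapping(address => uint8) private _decimalsPlusOne;

    /// Read and cache decimals once; a token cannot change its scale later.
    /// Restricting who may call this is assumed to be handled elsewhere.
    function registerCollateral(address token) external {
        uint8 d;
        try IERC20Decimals(token).decimals() returns (uint8 v) { d = v; }
        catch { revert DecimalsUnavailable(token); }
        if (d > MAX_TOKEN_DECIMALS) revert UnsupportedDecimals(token, d);
        _decimalsPlusOne[token] = d + 1;
    }

    /// Convert a raw token amount to ACCOUNTING_DECIMALS before ratio math.
    function toAccountingUnits(address token, uint256 amount) public view returns (uint256) {
        uint8 stored = _decimalsPlusOne[token];
        if (stored == 0) revert NotRegistered(token);
        uint8 d = stored - 1;
        if (d == ACCOUNTING_DECIMALS) return amount;
        if (d > ACCOUNTING_DECIMALS) {
            // Division rounds down, so collateral is never overstated.
            uint256 scaled = amount / 10 ** (d - ACCOUNTING_DECIMALS);
            if (scaled == 0 && amount != 0) revert DustAmount(amount);
            return scaled;
        }
        // Fewer decimals: scale up; checked arithmetic reverts on overflow.
        return amount * 10 ** (ACCOUNTING_DECIMALS - d);
    }
}
```

With this conversion in place, 1 token of an 18-decimal asset (1e18 raw units) is accounted as 1e6 units instead of being read as 1e12 times its real size.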