The Standard

DeFiHardhat
20,000 USDC
Submission Details
Severity: low
Invalid

Protocol can't use tokens with more than 18 decimals

Vulnerability Details:

The distributeFees function in the LiquidationPool contract is responsible for distributing liquidated assets to stakers, based on their staking weight. The cost calculation for these assets, defined in the costInEuros formula, adjusts asset decimals to eighteen to standardize value scales across different tokens.

    uint256 costInEuros = _portion * 10 ** (18 - asset.token.dec) * uint256(assetPriceUsd) / uint256(priceEurUsd)
        * _hundredPC / _collateralRate;

While this approach is effective for tokens with fewer than 18 decimals, it becomes problematic for tokens with more than 18 decimals. In such cases, an underflow occurs, leading to a revert in the distributeFees function and potentially blocking the liquidation process.

The protocol allows new tokens to be added to its list of eligible collateral tokens, and the docs specify no restrictions on them. Tokens with more than 18 decimals could therefore be added, but they would currently fail in the liquidation process.

Impact:

The inability to process tokens with more than 18 decimals limits which tokens the protocol can add as collateral options. Furthermore, if such a token were added inadvertently, it would fail in the liquidation process, blocking all liquidations that use that specific asset.

Tools Used:

Manual analysis

Recommendation:

To address this issue, the protocol should modify its scaling method to accommodate tokens with decimal counts both above and below 18.

    function normalize(uint256 _amount, uint256 _decimals) internal pure returns (uint256 normalizedAmount) {
        if (_decimals > 18) {
            // Scale down to 18 decimals; integer division rounds toward zero.
            normalizedAmount = _amount / (10 ** (_decimals - 18));
        } else if (_decimals < 18) {
            // Scale up to 18 decimals.
            normalizedAmount = _amount * (10 ** (18 - _decimals));
        } else {
            // Already 18 decimals.
            normalizedAmount = _amount;
        }
    }
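
The revert and the two-way scaling described above, side by side, as an added example that is not The Standard's code or part of the original submission. The contract name, function names and every value in selfCheck() are assumptions constructed for illustration; the decimals are passed as uint256.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Added example, not The Standard's code. Parameter names follow the snippet
// in the finding; every value in selfCheck() is constructed.
contract CostInEurosDemo {
    // The quoted expression: (18 - dec) is checked uint256 arithmetic, so any
    // dec > 18 reverts with Panic(0x11).
    function costOriginal(
        uint256 portion, uint256 dec, uint256 assetPriceUsd,
        uint256 priceEurUsd, uint256 hundredPC, uint256 collateralRate
    ) external pure returns (uint256) {
        return portion * 10 ** (18 - dec) * assetPriceUsd / priceEurUsd
            * hundredPC / collateralRate;
    }

    // Scaling in both directions, as the recommendation proposes.
    function costScaled(
        uint256 portion, uint256 dec, uint256 assetPriceUsd,
        uint256 priceEurUsd, uint256 hundredPC, uint256 collateralRate
    ) public pure returns (uint256) {
        uint256 scaled = dec > 18
            ? portion / 10 ** (dec - 18) // rounds down: dust below 10**(dec-18) costs 0
            : portion * 10 ** (18 - dec);
        return scaled * assetPriceUsd / priceEurUsd * hundredPC / collateralRate;
    }

    // Returns true when all three observations hold.
    function selfCheck() external view returns (bool) {
        uint256 usd = 2000e8;       // constructed asset price, 8 decimals
        uint256 eurUsd = 110000000; // constructed EUR/USD price, 8 decimals
        uint256 pc = 100000;        // constructed value for 100%
        uint256 rate = 120000;      // constructed collateral rate
        // 1. For a 6-decimal token both versions agree.
        if (this.costOriginal(5e6, 6, usd, eurUsd, pc, rate)
            != costScaled(5e6, 6, usd, eurUsd, pc, rate)) return false;
        // 2. A 24-decimal token makes the original expression revert.
        try this.costOriginal(5e24, 24, usd, eurUsd, pc, rate) returns (uint256) {
            return false;
        } catch {}
        // 3. Five whole tokens cost the same at 24 and at 18 decimals.
        return costScaled(5e24, 24, usd, eurUsd, pc, rate)
            == costScaled(5e18, 18, usd, eurUsd, pc, rate);
    }
}
```
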
Updates

Lead Judging Commences

hrishibhat Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

informational/invalid
