The Standard

DeFiHardhat

20,000 USDC

View results

Previous Next

Submission Details

Severity: low

Invalid

Lack of Support for Tokens with Decimals > 18

0xpep7

Summary

The contract exhibits a medium-severity vulnerability as it fails to support tokens with decimals greater than 18. This limitation could impact the functionality of the contract, especially when dealing with tokens that do not adhere to the standard ERC-20 specifications.

Vulnerability Details

The root cause of the vulnerability is the contract's inability to handle tokens with decimals exceeding 18. This oversight may result in unexpected behavior or errors when interacting with such tokens, as they are becoming increasingly common in the ecosystem.

// Findings are labeled with '<= FOUND'

// File: contracts/LiquidationPool.sol

205: function distributeAssets(ILiquidationPoolManager.Asset[] memory _assets, uint256 _collateralRate, uint256 _hundredPC) external payable {

...

219: uint256 _portion = asset.amount * _positionStake / stakeTotal;

220: uint256 costInEuros = _portion * 10 ** (18 - asset.token.dec) * uint256(assetPriceUsd) / uint256(priceEurUsd) // <= FOUND: not support the tokens whose decimal is greater than 18

221: * _hundredPC / _collateralRate;

222: if (costInEuros > _position.EUROs) {

223: _portion = _portion * _position.EUROs / costInEuros;

224: costInEuros = _position.EUROs;

...

241: }

Impact

The impact of this vulnerability is notable, particularly in scenarios involving tokens with more than 18 decimals. The contract may not function as intended, leading to potential errors or disruptions in token interactions.

Tools Used

Manual Review

Recommendations

To address this vulnerability, it is recommended to enhance the contract's compatibility by supporting tokens with decimals greater than 18. This involves adapting the contract's logic to accommodate the broader range of decimal values encountered in various ERC-20 tokens.

Updates

Lead Judging Commences

hrishibhat Lead Judge over 1 year ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Assigned finding tags:

informational/invalid

Prize pool breakdown

Total prize

20,000 USDC

nSLOC

609

33 USDC / LOC

High Medium

17,500 USDC

Low

2,500 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.