The Standard
The Standard
DeFiHardhat
20,000 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

Tokens with decimals > 18 are not supported

favelanky

Summary

The protocol currently lacks support for ERC20 tokens with more than 18 decimals.

Vulnerability Details

SmartVaultV3.sol

The euroCollateral function in SmartVaultV3.sol relies on calculator.tokenToEurAvg, which may revert when used with tokens having decimals greater than 18. As a result, SmartVaultV3.sol may not function correctly with such tokens.
This is because the calculator.tokenToEurAvg uses getTokenScaleDiff function which does not handle this case.

function euroCollateral() private view returns (uint256 euros) {
ITokenManager.Token[] memory acceptedTokens = getTokenManager().getAcceptedTokens();
for (uint256 i = 0; i < acceptedTokens.length; i++) {
ITokenManager.Token memory token = acceptedTokens[i];
euros += calculator.tokenToEurAvg(token, getAssetBalance(token.symbol, token.addr));
}
}
function getTokenScaleDiff(bytes32 _symbol, address _tokenAddress) private view returns (uint256 scaleDiff) {
return _symbol == NATIVE ? 0 : 18 - ERC20(_tokenAddress).decimals();
}

LiquidationPool.sol

Similar issues can be found in the distributeAssets function of LiquidationPool.sol. Specifically, the calculation for costInEuros may lead to errors if the token decimals exceed 18.

uint256 costInEuros = ((_portion * 10 ** (18 - asset.token.dec) * uint256(assetPriceUsd))
/ uint256(priceEurUsd)) * _hundredPC / _collateralRate;

Impact

The protocol will encounter issues when dealing with ERC20 tokens having decimals higher than 18.

Tools Used

Manual review

Recommendations

Consider normalizing the asset's decimals precision differently: abs(18 - asset.token.dec)

Updates

Lead Judging Commences

hrishibhat Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

informational/invalid

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.