First Flight #16: Mafia Takedown

First Flight #16

Beginner FriendlyDeFiFoundry

100 EXP

View results

Previous Next

Submission Details

Severity: low

Valid

Disturbed pegging of CrimeMoney with USDC due to decimals difference between both tokens.

shikhar229169

Summary

The default decimals of ERC20 contract is 18 and so are the decimals in CrimeMoney token contract but the USDC token has decimal of 6 on Polygon chain.

USDC Link on Polygonscan: https://polygonscan.com/token/0x3c499c542cEF5E3811e1192ce70d8cC03d5c3359

As the protocol is to be deployed on Polygon chain thus CrimeMoney will not be pegged to USDC due to difference in the decimals.

Vulnerability Details

The vulnerability is present in the CrimeMoney contract where it has a 18 decimal and is considered to be pegged with USDC but as USDC on Polygon has 6 decimals, therefore the peg will not be maintained due to decimal difference.

When a user deposits 1 USDC on the MoneyShelf they will only get 0.000000000001 CrimeMoney token, and thus CrimeMoney is not pegged to USDC.

Impact

CrimeMoney is not pegged to USDC.

Tools Used

Manual Review

Recommendations

Consider changing the decimals of CrimeMoney to 6.

Updates

Lead Judging Commences

n0kto Lead Judge about 1 year ago

Submission Judgement Published

Validated

Assigned finding tags:

USDC decimals not handled

Rewards breakdown

nSLOC

205

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.