First Flight #18: T-Swap

Submission Details
Severity: low
Valid

Fixed precision on `TSwapPool::getPriceOfOnePoolTokenInWeth` returns incorrect price for tokens that don't use 18 decimals

Summary

`getPriceOfOnePoolTokenInWeth` hardcodes `1e18` as the amount that represents one pool token. For a token like USDC, which has 6 decimals, the function returns an incorrect price. Tokens with more than 18 decimals also get incorrect prices.

Vulnerability Details

`LowDecimals.sol` and `HighDecimals.sol` from the weird-erc20 repo are simple examples of such tokens.

Impact

Pools whose token does not use 18 decimals get a wrong answer when calling `getPriceOfOnePoolTokenInWeth`.
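
The mispricing worked through with numbers, as an added example that is not code from this submission or from the T-Swap repository. It assumes `getOutputAmountBasedOnInput` is a constant-product quote with a 0.3% fee (997/1000) and integer division; the pool reserves are constructed.

```python
# Added illustration: models the pool quote with plain Python integers.
FEE_NUM, FEE_DEN = 997, 1000  # assumption: 0.3% swap fee on the input amount


def get_output_amount(input_amount: int, input_reserves: int, output_reserves: int) -> int:
    """Assumed shape of getOutputAmountBasedOnInput: x*y=k quote, fee on input, floor division."""
    input_minus_fee = input_amount * FEE_NUM
    numerator = input_minus_fee * output_reserves
    denominator = input_reserves * FEE_DEN + input_minus_fee
    return numerator // denominator


def price_hardcoded(pool_token_reserves: int, weth_reserves: int) -> int:
    """Reported behaviour: 'one token' is always 1e18 base units."""
    return get_output_amount(10**18, pool_token_reserves, weth_reserves)


def price_decimals_aware(decimals: int, pool_token_reserves: int, weth_reserves: int) -> int:
    """Recommended behaviour: 'one token' is 10**decimals base units."""
    return get_output_amount(10**decimals, pool_token_reserves, weth_reserves)


# Constructed pool: 2,000,000 units of a 6-decimal token against 1,000 WETH.
LOW_DECIMALS = 6
LOW_RESERVES = 2_000_000 * 10**LOW_DECIMALS
WETH_RESERVES = 1_000 * 10**18

# Constructed pool: 2,000,000 units of a 24-decimal token against 1,000 WETH.
HIGH_DECIMALS = 24
HIGH_RESERVES = 2_000_000 * 10**HIGH_DECIMALS

if __name__ == "__main__":
    for name, dec, res in (("6 decimals", LOW_DECIMALS, LOW_RESERVES),
                           ("24 decimals", HIGH_DECIMALS, HIGH_RESERVES)):
        wrong = price_hardcoded(res, WETH_RESERVES)
        right = price_decimals_aware(dec, res, WETH_RESERVES)
        print(f"{name}: hardcoded 1e18 -> {wrong / 1e18:.12f} WETH, "
              f"10**decimals -> {right / 1e18:.12f} WETH")
```

For the 6-decimal pool, `1e18` base units is a trillion whole tokens, so the hardcoded quote comes out at nearly the entire WETH reserve; for the 24-decimal pool it is a millionth of a token, so the quote is understated by roughly the same factor.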

Tools Used

Manual review

Recommendations

Make the following changes to the function:

function getPriceOfOnePoolTokenInWeth() external view returns (uint256) {
+ uint8 poolTokenDecimals = ERC20(address(i_poolToken)).decimals();
+ uint256 onePoolToken = 10**uint256(poolTokenDecimals);
return getOutputAmountBasedOnInput(
- 1e18, i_poolToken.balanceOf(address(this)), i_wethToken.balanceOf(address(this))
+ onePoolToken, i_poolToken.balanceOf(address(this)), i_wethToken.balanceOf(address(this))
);
}
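Review bot: the added `ERC20(address(i_poolToken)).decimals()` line assumes every pool token implements `decimals()`, which is optional in ERC-20, so a token without it makes this view function revert. Consider reading the value once at deployment through `IERC20Metadata` and storing it in an immutable, which also removes an external call from every price query. `10**uint256(poolTokenDecimals)` overflows for decimals above 77 and reverts with checked arithmetic, so an upper bound on the accepted decimals is worth adding. The function's NatSpec should also state that the return value is WETH base units for one whole pool token.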
Updates

Appeal created

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

Hardcoded decimal value leads to incorrect conversion when ERC20 does not use 18 decimals.
