DeFiFoundry
60,000 USDC
Submission Details
Severity: low
Invalid

Small subset of ERC20 tokens is incompatible with the current DEX

GitHub
https://github.com/Cyfrin/2024-07-zaros/blob/d687fe96bb7ace8652778797052a38763fbcbb1b/src/perpetuals/branches/GlobalConfigurationBranch.sol#L253

Summary

The GlobalConfigurationBranch includes a function call to ERC20(collateralType).decimals(), which assumes that the decimals function is implemented for all ERC20 tokens (referred to as collateral types in this context). However, the decimals function is optional in the ERC20 standard, potentially causing the configureMarginCollateral function to revert when interacting with tokens that do not implement this function.

Impact

While most ERC20 assets implement the decimals function, it is not mandated by the ERC20 standard. Consequently, a small subset of ERC20 tokens is incompatible with the current implementation, leading to potential transaction failures and an inability to support these tokens.

Impact Details

  • If the collateral type does not implement the decimals function, configureMarginCollateral catches the failed call and reverts with an InvalidMarginCollateralConfiguration error. This prevents such tokens from being configured as margin collateral.

  • Only tokens that implement the decimals function can be used as collateral. This limits the contract's flexibility and compatibility with the full spectrum of ERC20 tokens.

Recommendation

To support all ERC20 collateral types, consider one of the following approaches:

  1. Optional decimals query with fallback:

    • First, attempt to call the decimals function.

    • If the call fails, allow the user to provide the decimals value as an input argument.

  2. Require decimals as an input argument:

    • Modify the function to always require the decimals value to be supplied as an argument.
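
One way to implement approach 1, shown as an added example rather than code from the submission or from Zaros; the library name, the error and the 18-decimal cap are assumptions. It uses a low-level staticcall instead of try/catch because try/catch does not catch a call to an address without code or a failure to decode the returned data.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration, not Zaros code. All names below are hypothetical.
library CollateralDecimals {
    /// Assumed upper bound on supported token precision.
    uint8 internal constant MAX_DECIMALS = 18;

    error InvalidCollateralDecimals(address token, uint256 decimals);

    /// @notice Returns the token's self-reported decimals, or `fallbackDecimals`
    ///         when the token exposes no usable `decimals()`.
    /// @dev `fallbackDecimals` is trusted input: a wrong value mis-scales every
    ///      balance of this collateral, so only the configuring role should supply it.
    function resolve(address token, uint8 fallbackDecimals) internal view returns (uint8) {
        (bool ok, uint256 reported) = tryDecimals(token);
        uint256 decimals = ok ? reported : fallbackDecimals;
        if (decimals > MAX_DECIMALS) {
            revert InvalidCollateralDecimals(token, decimals);
        }
        return uint8(decimals);
    }

    /// @notice Queries `decimals()` without reverting when the token lacks it.
    function tryDecimals(address token) internal view returns (bool, uint256) {
        (bool success, bytes memory data) =
            token.staticcall(abi.encodeWithSignature("decimals()"));

        // A staticcall to an address without code succeeds with empty return
        // data, so require a full 32-byte word before decoding.
        if (!success || data.length < 32) {
            return (false, 0);
        }

        uint256 value = abi.decode(data, (uint256));

        // Treat anything that does not fit in uint8 as "not implemented".
        if (value > type(uint8).max) {
            return (false, 0);
        }
        return (true, value);
    }
}
```

The token's own answer takes precedence over the supplied value, so the fallback only matters for tokens that omit decimals().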

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Out of scope
