Submission Details
Severity:
Token decimals are not considered for any of the calculations, resulting in incorrect accounting
## Summary
All the token amount calculations are done directly on the amount and the token decimals are not considered during these calculations across the codebase.
This could result in all the calculations being skewed resulting in either inflating or deflating the calculations causing losses.
## Vulnerability Details
Different amounts are calculated using functions `getDepositAmount` and `getRefundAmount` is used across the codebase for multiple fees, collateral deposit amounts and refunds etc for different tokens.
However none of the calculations consider respective token decimals to scale the value.
This skewes the calculations since different tokens are used for collateral, market tokens, ETH etc.
This could mess up the internal accounting severely and result in significant losses for users and the protocol.
## Impact
Severe losses to users and protocol due to incorrectly scaled amount calculations
## Tools Used
## Recommendations
Consider tokenDecimals when calculation all the deposit/fee/refund amounts
Prize pool breakdown
Total prize
27,750 USDC
nSLOC
1,22923 USDC / LOC
25,000 USDC
2,750 USDC
2,250 USDC
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.