Incorrect Decimal Assumptions in Platform Fee Calculation Leading to Financial Discrepancies
Summary
The current protocol assumes that all tokens have 6 decimal places, as is the case with USDC.
However this assumption is incorrect because some tokens, including USDC on the Binance Smart Chain (BSC),
have 18 decimal places. This discrepancy leads to inaccurate calculations for platformFee.
USDC on Ethereum - 6 decimals
USDC on BSC - 18 decimals
Vulnerability Details
The protocol uses a fixed decimal scaler of 1,000,000 PLATFORM_FEE_DECIMAL_SCALER for calculating the platformFee,
which is designed for tokens with 6 decimal places.
The calculation is as follows:
Since not all Tokens has 6 decimals the platformFee will be calculated wrongly, this fixed scaler does not align
with the actual decimal configuration of the token. This discrepancy leads to incorrect fee calculations.
Impact
Due to the incorrect assumption about token decimals:
Incorrect Fee Calculation: the platform will receive wrong fee due to decimal discrepancy.
The platformFee returned will be inaccurate for tokens with a different number of decimal places,
leading to either undercharging or overcharging users.
Tools Used
Recommendations
Dynamic Decimal Handling: Modify the protocol to dynamically handle different decimal places for tokens.
Implement a way to fetch and use the decimal places of the token being processed.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.