QuantAMM
QuantAMM
49,600 OP
View results
Previous Next
Submission Details
Severity: low
Invalid

Inflated Value returned `getPoolLPTokenValue` for tokens prices less than 18 decimals

ifexx445

Summary

In the getPoolLPTokenValue function of UpliftOnlyExample.sol, This function is responsible for getting pool data for each tokens tokens in the pool . But for tokens like usdt with less than 18 decimal the value is inflated and scaled up returning inflated values

Vulnerability Details

function getPoolLPTokenValue(
int256[] memory _prices,
address pool,
MULDIRECTION _direction
) internal view returns (uint256) {
uint256 poolValueInUSD;
PoolData memory poolData = IVaultExplorer(address(_vault)).getPoolData(pool);
uint256 poolTotalSupply = _vault.totalSupply(pool);
for (uint i; i < poolData.tokens.length; ) {
@> int256 priceScaled18 = _prices[i] * 1e18;
if (_direction == MULDIRECTION.MULUP) {
poolValueInUSD += FixedPoint.mulUp(uint256(priceScaled18), poolData.balancesLiveScaled18[i]);
} else {
poolValueInUSD += FixedPoint.mulDown(uint256(priceScaled18), poolData.balancesLiveScaled18[i]);
}
unchecked {
++i;

Impact

The pool's total USD value is overestimated due to incorrect scaling of token prices.

Tools Used

Manual

Recommendations

Enforce proper check of prices of tokens with different tokens decimals

Updates

Lead Judging Commences

n0kto Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
Assigned finding tags:

invalid_getPoolLPTokkenValue_price_too_scaled

Order of magnitude: Price = 1e18 (already scaled and normalized by ChainlinkOracle). PriceScaled = 1e36 PoolValueInUSD = 1e36 (mulDown) PoolTotalSupply = 1e18 PoolValueInUSD / PoolTotalSupply = 1e18. Everything seems fine here.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!