Summary

In the ZlpVault contract, vault creators can specify a decimalOffset when deploying new vaults. However, the functions getIndexTokenSwapRate and getVaultAssetSwapRate use a different decimalOffset, leading to discrepancies and potential issues. This mismatch can cause unintended reverts and render the vault unusable.

Vulnerability Details

Consider the following scenarios:

Scenario 1: WETH Vault

1. The vault owner creates a vault for WETH with a decimalOffset of 6.

2. The getIndexTokenSwapRate function calculates the decimal offset as 18 - decimalsOfTheIndexToken.

3. However, due to the underlying implementation of the decimals function in ERC-4626, the index token's decimals are 24, leading to an incorrect offset calculation.

4. As a result, all requests revert, making the vault unusable.

Scenario 2: USDC Vault

1. The vault owner creates a vault for USDC, which has 6 decimals, and sets decimalOffset to 10.

2. The getIndexTokenSwapRate function calculates the decimal offset as 18 - 16 = 2 (instead of the expected 10).

3. This inconsistency results in incorrect swap rates and potential miscalculations in token conversions.

Impact

• The vault may become completely unusable due to reverts.

• Incorrect decimal calculations can lead to inaccurate swap rates, potentially causing financial discrepancies.

Tools Used

Manual review

Recommendations

• Ensure that decimalOffset is consistently used across all relevant functions.

• Validate that the decimalOffset aligns correctly with the ERC-4626 implementation to prevent miscalculations.

• Consider enforcing stricter checks when setting decimalOffset to prevent unintended discrepancies.