The VaultRouterBranch contract performs critical calculations involving conversions between the collateral asset and the index token without ensuring that both assets use the same decimal precision. This inconsistency can lead to incorrect swap rates for deposits, redemptions, and fee calculations, potentially resulting in financial losses.
The VaultRouterBranch contract uses vault.collateral.decimals for the collateral asset and IERC20Metadata(vault.indexToken).decimals() for the index token in different parts of the code. Specifically, in the getIndexTokenSwapRate and getVaultAssetSwapRate functions, the contract calculates swap rates and fees without normalizing the decimal differences between the collateral asset and the index token. This inconsistency can lead to significant miscalculations in the amounts of assets and shares being exchanged.
For example, in the getIndexTokenSwapRate function:
and in the getVaultAssetSwapRate function:
These lines assume that the index token's decimals are consistent with the system's decimals, but there is no enforcement that the collateral asset and the index token have the same decimal precision.
The inconsistent use of decimals can lead to:
Mispricing of Assets and Shares: Incorrect swap rates can result in users receiving more or fewer assets/shares than they should, leading to financial losses.
Exploitable Conditions: An attacker could potentially exploit the decimal inconsistency to manipulate the system for their benefit, especially if they can influence which token, and therefore which decimal precision, is used.
Manual Code
Ensure that all conversions between the collateral asset and the index token normalize the decimal differences. For example, adjust the calculations to account for the difference in decimals between the two assets.
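To make the mispricing concrete, here is an added Python model (not code from the audited contract) of the swap-rate arithmetic with a 6-decimal collateral asset and an 18-decimal index token; the WAD fixed-point scale, the 18-decimal system precision and the vault balances are assumptions chosen for illustration.

```python
# Constructed example: computing a vault swap rate from raw token amounts that
# use different decimals mis-prices redemptions; normalising both amounts to a
# common precision first gives the correct rate.
WAD = 10**18            # assumed fixed-point scale for swap rates (1.0 == 1e18)
SYSTEM_DECIMALS = 18    # assumed internal precision of the system


def scale(amount: int, from_dec: int, to_dec: int) -> int:
    """Rescale an integer token amount from one decimal precision to another."""
    if to_dec >= from_dec:
        return amount * 10 ** (to_dec - from_dec)
    return amount // 10 ** (from_dec - to_dec)


def swap_rate_unnormalized(total_collateral: int, index_supply: int) -> int:
    """Collateral per index token (WAD) computed from raw amounts as-is.
    Only correct when collateral and index token share the same decimals."""
    return total_collateral * WAD // index_supply


def swap_rate_normalized(total_collateral: int, collateral_dec: int,
                         index_supply: int, index_dec: int) -> int:
    """Same rate, but both amounts are brought to SYSTEM_DECIMALS first."""
    collateral = scale(total_collateral, collateral_dec, SYSTEM_DECIMALS)
    supply = scale(index_supply, index_dec, SYSTEM_DECIMALS)
    return collateral * WAD // supply


def redeem_collateral(shares: int, index_dec: int, rate_wad: int,
                      collateral_dec: int) -> int:
    """Collateral owed for `shares` at `rate_wad`, in the collateral's own units."""
    value_system = scale(shares, index_dec, SYSTEM_DECIMALS) * rate_wad // WAD
    return scale(value_system, SYSTEM_DECIMALS, collateral_dec)


if __name__ == "__main__":
    # Constructed vault state: 1,000,000 units of a 6-decimal collateral backing
    # 1,000,000 index tokens with 18 decimals, so the true rate is exactly 1.0.
    total_collateral, collateral_dec = 1_000_000 * 10**6, 6
    index_supply, index_dec = 1_000_000 * 10**18, 18
    bad = swap_rate_unnormalized(total_collateral, index_supply)
    good = swap_rate_normalized(total_collateral, collateral_dec, index_supply, index_dec)
    shares = 100 * 10**18  # redeem 100 index tokens
    print("unnormalized rate:", bad, "-> payout:",
          redeem_collateral(shares, index_dec, bad, collateral_dec))
    print("normalized rate:  ", good, "-> payout:",
          redeem_collateral(shares, index_dec, good, collateral_dec))
```

With the unnormalized rate the redeemer of 100 index tokens receives 0 collateral; with the normalized rate they receive 100 * 10**6 (100 collateral units), and the mirror case (18-decimal collateral, 6-decimal index token) overpays by the same factor.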