Submission Details
Severity:
Incorrect Decimal Handling in `ZENO::redeem/redeemAll` Causes Catastrophic Funds Drainage
Summary
The ZENO::redeem and ZENO::redeemAll functions fail to account for the decimal precision mismatch between ZENO (18 decimals) and USDC (6 decimals). This discrepancy creates a 1e12 magnitude error in asset transfers. For example:
When a user holds 1 ZENO token (
1e18units) and callsredeemAll, the contract erroneously transfers1e18USDC units instead of the correct1e6units.This represents a 1,000,000x overpayment per redemption transaction.
Vulnerability Details
function redeem(uint amount) external nonReentrant {
if (!isRedeemable()) {
revert BondNotRedeemable();
}
if (amount == 0) {
revert ZeroAmount();
}
uint256 totalAmount = balanceOf(msg.sender);
if (amount > totalAmount) {
revert InsufficientBalance();
}
totalZENORedeemed += amount;
_burn(msg.sender, amount);
USDC.safeTransfer(msg.sender, amount); <==@found
}
function redeemAll() external nonReentrant {
if (!isRedeemable()) {
revert BondNotRedeemable();
}
uint256 amount = balanceOf(msg.sender);
totalZENORedeemed += amount;
_burn(msg.sender, amount);
USDC.safeTransfer(msg.sender, amount); <==@found
}
Impact
Complete drainage of USDC reserves within 1-2 transactions
Tools Used
Manual Review
Recommendations
Add precision conversion.
Updates
Lead Judging Commences
inallhonesty 7 months ago
Submission Judgement Published Assigned finding tags:
Decimal precision mismatch between ZENO token (18 decimals) and USDC (6 decimals) not accounted for in redemption, causing calculation errors and incorrect payments
Prize pool breakdown
Total prize
77,280 USDC
nSLOC
3,86420
USDC / LOC
74,000
3,280
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.