Submission Details
Severity:
Calculation in `calculateDeCRVUSDAmount()` and `calculateRcrvUSDAmount()` does not making any sence.
Summary
Vulnerability Details
function calculateRcrvUSDAmount(uint256 deCRVUSDAmount) public view returns (uint256) {
uint256 scalingFactor = 10**(18 + rTokenDecimals - deTokenDecimals);
return (deCRVUSDAmount * getExchangeRate()) / scalingFactor;
}
function calculateDeCRVUSDAmount(uint256 rcrvUSDAmount) public view returns (uint256) {
uint256 scalingFactor = 10**(18 + deTokenDecimals - rTokenDecimals);
return (rcrvUSDAmount * scalingFactor) / getExchangeRate();
}
In above 2 function we see that rTokenDecimals - deTokenDecimalsand deTokenDecimals - rTokenDecimals
Although I assume here both token has same decimal, But this is poor style of writing code.
When both token decimal deffer then, one of them is going to a overflow condition and fuction always gonna revert.
That directly impact on StabilityPool accounting.
Impact
Tools Used
Recommendations
before substarcting check which token decimal is greater and adjust scaling factor according to this like all other protocol does.
Updates
Lead Judging Commences
inallhonesty 7 months ago
Submission Judgement Published Reason: Non-acceptable severity
Assigned finding tags:
Incorrect scaling factor formula in StabilityPool::calculateRcrvUSDAmount function
Both tokens have 18 decimals. Info
Prize pool breakdown
Total prize
77,280 USDC
nSLOC
3,86420
USDC / LOC
74,000
3,280
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.