New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Wrong docs on UsdOracle #84
Labels
Comments
Informational, will address |
deluca-mike
added a commit
to maple-labs/maple-core
that referenced
this issue
Apr 27, 2021
- Fixed some missed spacing - Fixed bad NatSpec comment ending (,) - Fixed equation alignement - Wrong docs on UsdOracle (code-423n4/2021-04-maple-findings#84)
lucas-manuel
pushed a commit
to maple-labs/maple-core
that referenced
this issue
Apr 27, 2021
* refactor: More gas optimizations - Use local variables to reduce storage access - Use return variables when legible and possible - if (exitCase) exit, so that large code can be done unindented, and smaller jumpdest - --x and ++x are sometimes better, since there is no intermediate variable on the stack * chore: PR Review fixes - Revert saving context variable locally - Fix allignment * refactor: More gas optimizations - Use local variables to reduce storage access - Use return variables when legible and possible - if (exitCase) exit, so that large code can be done unindented, and smaller jumpdest - --x and ++x are sometimes better, since there is no intermediate variable on the stack * chore: PR Review fixes - Revert saving context variable locally - Fix allignment * chore: Comments, Spelling, and NatSpec cleanup * chore: Rebase and PR Review - Reverted exitswapExternAmountOut - fixed more incorrect formatting - https://app.clubhouse.io/maplefinance/story/2083/maple-core-natspec-sweep-for-spelling-correct-comments * chore: Rebase updates * chore: Normalize checking functions * chore: PR Review #2 - Fixed some missed spacing - Fixed bad NatSpec comment ending (,) - Fixed equation alignement - Wrong docs on UsdOracle (code-423n4/2021-04-maple-findings#84)
Resolved in code comments. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Handle
@cmichelio
Vulnerability details
Vulnerability Details
The
UsdOracle.sol
contract states:The USDC precision is 6, but the oracle returns a precision of 8, so the comment does not match the code.
Impact
A wrong precision on the oracle contract could lead to inflated/deflated prices.
Recommended Mitigation Steps
It seems that the current contract code assumes a precision of 8 instead of 6 and works correctly.
Clarify if the documentation is wrong or the code needs to be updated.
If further development is done and the comment is assumed to be correct, one might use 100 times the actual USDC token balance.
The text was updated successfully, but these errors were encountered: