Yearn token <> shares conversion decimal issue #134
Labels
3 (High Risk): Assets can be stolen/lost/compromised directly
bug: Something isn't working
sponsor confirmed: Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
Handle
cmichel
Vulnerability details
The yearn strategy `YearnYield` converts shares to tokens by doing `pricePerFullShare * shares / 1e18`.

But Yearn's `getPricePerFullShare` seems to be in `vault.decimals()` precision, i.e., it should convert it as `pricePerFullShare * shares / (10 ** vault.decimals())`.

The vault decimals are the same as the underlying token decimals.
Impact
The token and shares conversions do not work correctly for underlying tokens that do not have 18 decimals.
Too much or too little might be paid out leading to a loss for either the protocol or user.
Recommended Mitigation Steps
Divide by `10**vault.decimals()` instead of `1e18` in `getTokensForShares`.
Apply a similar fix in `getSharesForTokens`.
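The following Python model is an added worked example, not code from the report or from the project. It reproduces the two conversions with EVM-style floor division to show how far the hard-coded `1e18` drifts for vaults with 6 and 8 decimals. Assumptions: the price is scaled by `10 ** vault.decimals()` as the report states, `shares_for_tokens` is taken to be the inverse formula (the report does not show it), and the `scale` parameter and sample amounts are constructed for illustration.

```python
# Added illustration: integer model of the share <-> token conversions.
# Not the project's Solidity. Assumption (from the report): pricePerFullShare
# is scaled by 10 ** vault.decimals(), not by 1e18.

WAD = 10**18  # the hard-coded divisor the report flags


def tokens_for_shares(shares, price_per_full_share, scale):
    """shares -> underlying tokens, using floor division like the EVM."""
    return price_per_full_share * shares // scale


def shares_for_tokens(tokens, price_per_full_share, scale):
    """underlying tokens -> shares (assumed inverse of the formula above)."""
    return tokens * scale // price_per_full_share


def compare(vault_decimals, whole_shares=1_000, price_num=11, price_den=10):
    """Convert whole_shares shares at price_num/price_den tokens per share,
    once with the hard-coded 1e18 and once with 10 ** vault_decimals."""
    unit = 10**vault_decimals
    price = unit * price_num // price_den  # price in vault.decimals() precision
    shares = whole_shares * unit           # shares use the vault's decimals
    fixed_tokens = tokens_for_shares(shares, price, unit)
    return {
        "shares_in": shares,
        "buggy_tokens": tokens_for_shares(shares, price, WAD),
        "fixed_tokens": fixed_tokens,
        "buggy_shares": shares_for_tokens(fixed_tokens, price, WAD),
        "fixed_shares": shares_for_tokens(fixed_tokens, price, unit),
    }


if __name__ == "__main__":
    for decimals in (6, 8, 18):  # constructed sample vaults
        print(decimals, compare(decimals))
```

With 6 decimals, 1,000 shares convert to 0 tokens under the `1e18` divisor instead of 1,100 tokens, and the reverse conversion overstates shares by a factor of 10^12. Only the 18-decimal case agrees between the two formulas.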