StableVault doesn't support tokens above 18 decimals #116
Labels
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
duplicate-533
satisfactory
satisfies C4 submission criteria; eligible for awards
Lines of code
https://github.com/code-423n4/2022-12-tigris/blob/588c84b7bb354d20cbca6034544c4faa46e6a80e/contracts/StableVault.sol#L49
Vulnerability details
Impact
The
StableVault
has adeposit
function, which allows a user to deposit a whitelisted token in exchange fortigAsset
.If the whitelisted token has above 18 decimals, the
deposit
anddepositWithPermit
functions will revert, thus rendering any asset with > 18 decimals incompatible with the protocol.Proof of Concept
deploy/00.Mocks.js
script.test/06.StableVault.js
:Tools Used
VS Code Plugins, Hardhat
Recommended Mitigation Steps
Explicitly add a check or a comment if the StableVault is not meant to support tokens with > 18 decimals.
The text was updated successfully, but these errors were encountered: