Protocol does not handle the tokens correctly that has decimal value more than 18 #536
Labels
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
downgraded by judge
Judge downgraded the risk level of this issue
duplicate-533
satisfactory
satisfies C4 submission criteria; eligible for awards
Lines of code
https://github.com/code-423n4/2022-12-tigris/blob/588c84b7bb354d20cbca6034544c4faa46e6a80e/contracts/StableVault.sol#L44-L71
Vulnerability details
Impact
StableVault.sol :
desposit
,depositWithPermit
andwithdraw
would revert.TradingLibrary.sol :
verifyPrice
function would revert at line 115Trading.sol :
_handleDeposit
function would revert at line 650, _handleWithdraw will fail at line 675.Proof of Concept
From the listed pairs it is clear that the protocol is supporting the NEAR/USD - https://docs.tigris.trade/protocol/listed-pairs#:~:text=3-,NEAR/USD,-0.10%25
NEAR has decimal value of 24. https://etherscan.io/token/0x85f17cf997934a597031b2e18a9ab6ebd4b9f6a4
StableVault.sol : both witdraw and deposit will revert due to the calculation at lines 49, 67
Tools Used
Manual review
Recommended Mitigation Steps
Kindly consider changing the subtraction from large to min instead of (18 - token decimal)
The text was updated successfully, but these errors were encountered: