Collaterals with decimals over 18 cannot be used #264

@code423n4

Description

Lines of code

https://github.com/code-423n4/2023-01-ondo/blob/f3426e5b6b4561e09460b2e6471eb694efdd6c70/contracts/cash/CashManager.sol#L179

Vulnerability details

Impact

The protocol cannot be used with some collaterals.

Proof of Concept

In the initialization process, the protocol calculates the decimalsMultiplier that is used later to convert from the collateral token amount to the cash token amount.

CashManager.sol
179:     decimalsMultiplier =
180:       10 **
181:         (IERC20Metadata(_cash).decimals() -
182:           IERC20Metadata(_collateral).decimals());

This implementation reverts for collaterals with decimals greater than 18, so the protocol cannot support some collaterals. It is an unnecessary contract-level restriction on future expansion.

Tools Used

Manual Review

Recommended Mitigation Steps

Add a new parameter to store the relationship between the two token decimals and use it properly for conversions.
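
One way to apply the recommended mitigation, as an added example that is not part of the original report or of Ondo's code: the constructor compares the two decimals values before subtracting, stores the scale together with a direction flag, and both conversions branch on that flag. The contract name `DecimalsScaler`, the interface `IDecimals` and all function and variable names are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example. Every name in this file is hypothetical.
interface IDecimals {
    function decimals() external view returns (uint8);
}

contract DecimalsScaler {
    // 10 ** |cashDecimals - collateralDecimals|, always >= 1.
    uint256 public immutable scale;
    // The extra stored parameter: which token has more decimals.
    bool public immutable collateralHasMoreDecimals;

    constructor(address cash, address collateral) {
        uint8 cashDec = IDecimals(cash).decimals();
        uint8 collDec = IDecimals(collateral).decimals();

        // Compare first, so the checked uint8 subtraction cannot
        // underflow whichever token has more decimals.
        bool more = collDec > cashDec;
        uint8 diff = more ? collDec - cashDec : cashDec - collDec;

        collateralHasMoreDecimals = more;
        // Checked arithmetic still reverts if 10 ** diff does not
        // fit in uint256 (diff > 77), which fails at deployment.
        scale = 10 ** uint256(diff);
    }

    // Collateral amount expressed in cash-token units.
    function collateralToCash(uint256 amount) public view returns (uint256) {
        // Division truncates: amounts below one cash unit round to 0.
        return collateralHasMoreDecimals ? amount / scale : amount * scale;
    }

    // Cash amount expressed in collateral-token units.
    function cashToCollateral(uint256 amount) public view returns (uint256) {
        return collateralHasMoreDecimals ? amount * scale : amount / scale;
    }
}
```

Whichever branch divides loses precision, so callers that mint or redeem need an explicit rounding policy for amounts that are not a multiple of `scale`.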

Labels

Q-23
QA (Quality Assurance): Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
bug: Something isn't working
downgraded by judge: Judge downgraded the risk level of this issue
grade-b
