Collaterals with decimals over than 18 can not be used #264
Labels
bug
Something isn't working
downgraded by judge
Judge downgraded the risk level of this issue
grade-b
Q-23
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
Lines of code
https://github.com/code-423n4/2023-01-ondo/blob/f3426e5b6b4561e09460b2e6471eb694efdd6c70/contracts/cash/CashManager.sol#L179
Vulnerability details
Impact
The protocol can not be used with some collaterals.
Proof of Concept
In the initialization process, the protocol calculates the
decimalsMultiplier
that are used later to convert from the collateral token amount to cash token amount.This implementation reverts for the collaterals with decimals greater than 18 and the protocol can not support some collaterals, it is an unnecessary contract level restriction for the future expansion.
Tools Used
Manual Review
Recommended Mitigation Steps
Add a new parameter to store the relationship between the two token decimals and use it properly for conversions.
The text was updated successfully, but these errors were encountered: