cmichel
The UniswapHandler.maltMarketPrice function returns a tuple of the price and the decimals of the price.
However, the returned decimals do not match the computed price for the else if (rewardDecimals < maltDecimals) branch:
else if (rewardDecimals < maltDecimals) {
uint256 diff = maltDecimals - rewardDecimals;
price = (rewardReserves.mul(10**diff)).mul(10**rewardDecimals).div(maltReserves);
decimals = maltDecimals;
}
Note that rewardReserves are in reward token decimals, maltReserves is a malt balance amount (18 decimals).
Then, the returned amount is in rewardDecimals + diffDecimals + rewardDecimals - maltDecimals = maltDecimals + rewardDecimals - maltDecimals = rewardDecimals.
However decimals = maltDecimals is wrongly returned.
Callers to this function will receive a price in unexpected decimals and might inflate or deflate the actual amount.
Luckily, the AuctionEscapeHatch decides to completely ignore the returned decimals and as all prices are effectively in rewardDecimals, even if stated in maltDecimals, it currently does not seem to lead to an issue.
Fix the function by returning rewardDecimals instead of maltDecimals in the rewardDecimals < maltDecimals branch.
The text was updated successfully, but these errors were encountered:
All reactions