Lucene search

K
code423n4Code4renaCODE423N4:2022-12-TIGRIS-FINDINGS-ISSUES-674
HistoryJan 22, 2023 - 12:00 a.m.

Upgraded Q -> M from #658 [1674423108320]

2023-01-2200:00:00
Code4rena
github.com
3
github
risk assessment
token decimals
arithmetic operations
underflow
smart contract
security issue

Judge has assessed an item in Issue #658 as M risk. The relevant finding follows:

[L-05] MARGIN ASSET TOKENS WITH MORE THAN 18 DECIMALS ARE NOT SUPPORTED
As shown below, arithmetic operations of the StableVault.deposit, StableVault.withdraw, Trading._handleDeposit, and Trading._handleWithdraw functions that subtract the margin asset tokens’ decimals will underflow if these decimals are more than 18; in this case, calling these functions will revert. This means that the protocol cannot scale to support margin asset tokens that have more than 18 decimals in the future. To prevent the described issue, please consider updating these functions’ arithmetic operations to use divisions that divide 1018 by 10n, where n is the corresponding token decimals instead of subtracting such token decimals from 18.

<https://github.com/code-423n4/2022-12-tigris/blob/main/contracts/StableVault.sol#L44-L51&gt;

function deposit(address _token, uint256 _amount) public {
    ...
    IERC20Mintable(stable).mintFor(
        _msgSender(),
        _amount*(10**(18-IERC20Mintable(_token).decimals()))
    );
}

<https://github.com/code-423n4/2022-12-tigris/blob/main/contracts/StableVault.sol#L65-L72&gt;

function withdraw(address _token, uint256 _amount) external returns (uint256 _output) {
    ...
    _output = _amount/10**(18-IERC20Mintable(_token).decimals());
    ...
}

<https://github.com/code-423n4/2022-12-tigris/blob/main/contracts/Trading.sol#L643-L659&gt;

function _handleDeposit(address _tigAsset, address _marginAsset, uint256 _margin, address _stableVault, ERC20PermitData calldata _permitData, address _trader) internal {
    ...
    if (_tigAsset != _marginAsset) {
        ...
        uint _marginDecMultiplier = 10**(18-ExtendedIERC20(_marginAsset).decimals());
        ...
    } else {
        ...
    }        
}

<https://github.com/code-423n4/2022-12-tigris/blob/main/contracts/Trading.sol#L668-L678&gt;

function _handleWithdraw(IPosition.Trade memory _trade, address _stableVault, address _outputToken, uint _toMint) internal {
    ...
    if (_outputToken == _trade.tigAsset) {
        ...
    } else {
        ...
        if (IERC20(_outputToken).balanceOf(address(this)) != _balBefore + _toMint/(10**(18-ExtendedIERC20(_outputToken).decimals()))) revert BadWithdraw();
        ...
    }        
}

The text was updated successfully, but these errors were encountered:

All reactions