Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
code423n4Code4renaCODE423N4:2023-01-NUMOEN-FINDINGS-ISSUES-257
HistoryFeb 01, 2023 - 12:00 a.m.

No support non-18 decimals token

2023-02-0100:00:00
Code4rena
github.com
4
vulnerability
token
decimals
calculation
relaunch
mitigation
boringsolidity
JSON

Lines of code
<https://github.com/code-423n4/2023-01-numoen/blob/2ad9a73d793ea23a25a381faadc86ae0c8cb5913/src/core/JumpRate.sol#L21&gt;
<https://github.com/code-423n4/2023-01-numoen/blob/2ad9a73d793ea23a25a381faadc86ae0c8cb5913/src/core/JumpRate.sol#L37&gt;
<https://github.com/code-423n4/2023-01-numoen/blob/2ad9a73d793ea23a25a381faadc86ae0c8cb5913/src/core/JumpRate.sol#L42&gt;

Vulnerability details

Impact

The function is dependent on the token being of 18 decimals for correct calculation. If the project wants to use other tokens then it underlying native token. It would have to relaunch to accommodate this, or it can be forgotten and lead to future wrong calculations.

Tools Used

VS code

Recommended Mitigation Steps

A better choice is a decimal check or use #safeDecimal of BoringSolidity

<https://github.com/boringcrypto/BoringSolidity/blob/ccb743d4c3363ca37491b87c6c9b24b1f5fa25dc/contracts/libraries/BoringERC20.sol#L52&gt;

The text was updated successfully, but these errors were encountered:

All reactions

JSON