117 matches found
UniswapV3Helper: getSqrtPriceX96() doesn't work for tokens with non-18 decimals
Handle hickuphh3 Vulnerability details Impact The getSqrtPriceX96 will return incorrect values for pairs comprising of non-18 decimals. This affects the amounts calculated for a position. Proof of Concept Let us take the ETH-WBTC pair as an example. Note that WBTC has 8 decimals, and is an active...
Rounding errors will occur for tokens without decimals
Handle tensors Vulnerability details Some rare tokens have 0 decimals: For these tokens, small losses of precision will be amplified by the lack of decimals. Consider a constant product pool with 1000 of token0 with no decimals, and 1000 of token1 also with no decimals. Suppose I swap n= 1,2,3,4 ...
IndexPool initial LP supply computation is wrong
Handle cmichel Vulnerability details The IndexPool.constructor function already mints INITPOOLSUPPLY = 100 1e18 = 1e20 LP tokens to the zero address. When trying to use the pool, someone has to provide the actual initial reserve tokens in mint. On the first mint, the pool reserves are zero and th...
Publisher May Accidentally Publish New Index With Incorrect Token Decimals
Handle leastwood Vulnerability details Impact The defiProtocol platform expects all tokens to be 18 decimals, however, nowhere in the contracts is this behaviour enforced. As a result, if a publisher mistakenly publishes a new index with new tokens that don't conform to this standard, settleAucti...
Vault: Withdrawal amount isn't un-normalized
Handle hickuphh3 Vulnerability details Impact In withdraw, the withdrawal amount is the proportion of the normalized amounts of all the tokens in the vault and its strategies. However, this amount isn't un-normalized to the output token's decimals, thus leading to an erroneous token amount being...
Exchange rates from Compound are assumed with 18 decimals
Handle shw Vulnerability details Impact The CTokenMultiOracle contract assumes the exchange rates borrowing rate of Compound always have 18 decimals, while, however, which is not true. According to the Compound documentation, the exchange rate returned from the exchangeRateCurrent function is...
CompositeMultiOracle returns wrong decimals for prices?
Handle cmichel Vulnerability details The CompositeMultiOracle.peek/get functions seem to return wrong prices. It's unclear what decimals source.decimals refers to in this case. Does it refer to source.source token decimals? It chains the price arguments through peek function calls and a single...
OracleManagerFlippening_V0, OracleManagerEthVsBtc only work if chainlink decimals are the same
Handle cmichel Vulnerability details The OracleManagerFlippeningV0, OracleManagerEthVsBtc contracts divide the ETH price by the BTC price and want to return a value where 100% = 1e20. This does not work if the chainlink oracle decimals for ETH are different from the one for BTC. Impact The "price...
OracleManagerFlippening_V0 wrong decimals
Handle cmichel Vulnerability details The OracleManagerFlippeningV0.updatePrice function states that it wants to return the eth dominance as a percentage where 100% = 1e20. It's unclear why there is a division by 1e10 to compute the bitcoin market cap: uint256btcPrice btcSupply 1e10 Impact The pri...
Payout.deduction computation uses wrong decimals
Handle cmichel Vulnerability details The doSherX function computes the burned SherX tokens deduction as: // excludeUsd = amountsi.mulsx.tokenUSDtokensi deduction = excludeUsd.divcurTotalUsdPool.divSherXERC20Storage.sx20.totalSupply.div10e17; This seems to only work if tokensi has 18 decimals, as...
BaseVaultAdaptor assumes sharePrice is always in underlying decimals
Handle cmichel Vulnerability details Vulnerability Details The two BaseVaultAdaptor.calculateShare functions computes share = amount.muluint25610decimals.divsharePrice uint256 sharePrice = getVaultSharePrice; // amount is in "token" decimals, share should be in "vault" decimals share =...
Using deprecated Chainlink function latestAnswer
Handle shw Vulnerability details Impact According to Chainlink's documentation, the latestAnswer function is deprecated. This function does not error if no answer has been reached but returns 0. Besides, the latestAnswer is reported with 18 decimals for crypto quotes but 8 decimals for FX quotes...
Underflow problems occurring when a token has >18 decimals
Handle tensors Vulnerability details Impact The contracts assume that all tokens will have =18 decimals. If the Tracer team are the only people deploying the contracts, and they keep this in mind, this isn't a problem. If the contracts are to be deployed by other people, this assumption should be...
No support for token with decimals > 18
Handle s1m0 Vulnerability details Impact The smart contract doesn't behave correctly if deployed with token that have decimals 18. Proof of Concept The functions tokenToWad and wadToToken revert if the tokenDecimals is 18. These functions are called in critical places like deposit and withdraw...
Loans of tokens with >18 decimals can result in incorrect collateral calculation
Handle 0xsomeone Vulnerability details Impact It is possible for a user to mislead a Pool Delegate to a seemingly innocuous loan by utilizing a token with more than 18 decimals as collateral and lucrative loan terms. Proof of Concept The final calculation within the collateralRequiredForDrawdown ...
Vyper interfaces returning integer types less than 256 bits can be manipulated if uint256 is used
VVE-2020-0001 Earlier today, we received a responsible disclosure of a potential issue from @montyly security researcher at @trailofbits for Vyper users who make assumptions about what values certain interface types can return. Impact We determined the issue to be mild and unlikely to be exploite...
GHSA-MR6R-MVW4-736G Vyper interfaces returning integer types less than 256 bits can be manipulated if uint256 is used
VVE-2020-0001 Earlier today, we received a responsible disclosure of a potential issue from @montyly security researcher at @trailofbits for Vyper users who make assumptions about what values certain interface types can return. Impact We determined the issue to be mild and unlikely to be exploite...