Closed code423n4 closed 3 years ago
Per the quoted ToB checklist: If this is the case, ensure the value returned is below 255.
The value is 18 and only set in the constructor https://github.com/code-423n4/2021-04-vader/blob/3041f20c920821b89d01f652867d5207d18c8703/vader-protocol/contracts/USDV.sol#L51.
duplicate of #283
Handle
0xRajeev
Vulnerability details
Impact
ERC20 tokens should return a uint8 decimals value not uint/uint256. This may break compatibility of USDV with other ERC20-compliant tokens.
See token integration checklist from Trail of Bits https://github.com/crytic/building-secure-contracts/blob/master/development-guidelines/token_integration.md#erc-conformity
Proof of Concept
https://github.com/code-423n4/2021-04-vader/blob/3041f20c920821b89d01f652867d5207d18c8703/vader-protocol/contracts/USDV.sol#L13
Tools Used
Manual Analysis
Recommended Mitigation Steps
Declare decimals as uint8.