The decimals shoul be uint8

[code423n4]

Handle

s1m0

Vulnerability details

Impact

The erc20 specification says that decimals should be uint8 not uint256.

Proof of Concept

https://github.com/code-423n4/2021-04-vader/blob/main/vader-protocol/contracts/USDV.sol#L13 https://github.com/code-423n4/2021-04-vader/blob/main/vader-protocol/contracts/Vader.sol#L14 VETH Token already deployed https://github.com/code-423n4/2021-04-vader/blob/main/vader-protocol/contracts/interfaces/iERC20.sol#L7

Tools Used

Manual analysis

Recommended Mitigation Steps

Use uint8 as decimals.

[0xBrian]

https://github.com/vetherasset/vaderprotocol-contracts/commit/35908c629eed86dac62b1baee3cb247c38f2a5a0

[dmvt]

duplicate of #283