addToken does not check if token decimals is at most 18
The function
addToken
does not check if the token decimals is at most 18 (there are tokens
that have high decimals, for example
YAMv2
has 24). If such a token is added to the vault (and also allowed), the
normalizeDecimals
function will have incorrect values, leading to bugs in share
calculation.
Recommended Mitigation Steps
Add a check for decimals in addToken. For example,
Handle
hrkrshnn
Vulnerability details
addToken
does not check if token decimals is at most18
The function addToken does not check if the token decimals is at most 18 (there are tokens that have high decimals, for example YAMv2 has 24). If such a token is added to the vault (and also allowed), the normalizeDecimals function will have incorrect values, leading to bugs in share calculation.
Recommended Mitigation Steps
Add a check for decimals in
addToken
. For example,