code-423n4 / 2021-09-yaxis-findings

0 stars 0 forks source link

_normalizeDecimals does not handle tokens with more than 18 decimals #84

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Handle

pauliax

Vulnerability details

Impact

function _normalizeDecimals only normalizes amounts of tokens that have less than 18 decimals. Tokens that have more than 18 decimals are not handled by this function. Some tokens can have more than 18 decimals, e.g. YAM-V2 has 24. I didn't get an answer on Discord about this so submitting anyway and you can decide if that's an issue or intended behavior.

Recommended Mitigation Steps

Consider handling cases of tokens with >18 decimals.

uN2RVw5q commented 2 years ago

Duplicate of https://github.com/code-423n4/2021-09-yaxis-findings/issues/42

GalloDaSballo commented 2 years ago

Duplicate of #42

loudoguno commented 2 years ago

changing risk to 0, as per judges sheet