the value 18 is hardcoded in the code and expression 18 - uint256(IERC20Extended(priceInfo.token).decimals()) is in code so if a token had more than 18 precision then this contract couldn't support it and all the logics based on this contract would fail for those tokens.
Proof of Concept
This is getPriceFromDex() code in ConnextPriceOracle:
Lines of code
https://github.com/code-423n4/2022-06-connext/blob/b4532655071566b33c41eac46e75be29b4a381ed/contracts/contracts/core/connext/helpers/ConnextPriceOracle.sol#L99-L115
Vulnerability details
Impact
the value
18
is hardcoded in the code and expression18 - uint256(IERC20Extended(priceInfo.token).decimals())
is in code so if a token had more than18
precision then this contract couldn't support it and all the logics based on this contract would fail for those tokens.Proof of Concept
This is
getPriceFromDex()
code inConnextPriceOracle
:As you can see the code don't support tokens with more than
18
digit precision and execution would revert for those tokens.Tools Used
VIM
Recommended Mitigation Steps
add support for all tokens.