code-423n4 / 2022-12-tigris-findings


In the withdraw function in StableVault.sol, a decimal overflow can happen. #593

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2022-12-tigris/blob/588c84b7bb354d20cbca6034544c4faa46e6a80e/contracts/StableVault.sol#L67

Vulnerability details

Impact

Tokens with decimals higher than 18 will always revert.

Proof of Concept

function withdraw(address _token, uint256 _amount) external returns (uint256 _output) {
    IERC20Mintable(stable).burnFrom(_msgSender(), _amount);
    // 18 - decimals() underflows (and reverts under 0.8 checked arithmetic) when decimals() > 18
    _output = _amount/10**(18-IERC20Mintable(_token).decimals());
    IERC20(_token).transfer(
        _msgSender(),
        _output
    );
}

Tools Used

Manually

Recommended Mitigation Steps

Consider modifying how withdraw works so it can handle tokens with more than 18 decimals.
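As an added illustration (not the Tigris code or the reporter's), the scaling step in isolation: `scaleDownOnly` reproduces the original `18 - decimals()` expression, which reverts for any token with more than 18 decimals, and `fromStable` is one way to convert an 18-decimal stable amount in either direction. The contract name and function names are assumptions for this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Example contract (hypothetical name): models the vulnerable scaling
// expression beside a version that handles decimals above 18.
contract StableScalingExample {
    // Mirrors the original withdraw arithmetic. `tokenDecimals` is a uint8,
    // so `18 - tokenDecimals` is checked uint8 subtraction and reverts on
    // underflow for tokenDecimals > 18, i.e. such tokens can never be withdrawn.
    // The literal base makes `10 ** (...)` a uint256 per Solidity's rules.
    function scaleDownOnly(uint256 amount18, uint8 tokenDecimals) public pure returns (uint256) {
        return amount18 / 10 ** (18 - tokenDecimals);
    }

    // Convert an 18-decimal stable amount to the token's own decimals,
    // whether those are below, equal to, or above 18.
    //   fromStable(1e18, 6)  == 1e6
    //   fromStable(1e18, 18) == 1e18
    //   fromStable(1e18, 24) == 1e24   (scaleDownOnly reverts on this input)
    // For absurdly large decimals the multiplication is still checked and
    // reverts rather than wrapping, which is the safe failure mode here.
    function fromStable(uint256 amount18, uint8 tokenDecimals) public pure returns (uint256) {
        if (tokenDecimals == 18) {
            return amount18;
        }
        if (tokenDecimals < 18) {
            // Token has fewer decimals: divide away the excess precision.
            return amount18 / 10 ** (18 - tokenDecimals);
        }
        // Token has more decimals: scale up to its precision.
        return amount18 * 10 ** (tokenDecimals - 18);
    }
}
```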

c4-judge commented 1 year ago

GalloDaSballo marked the issue as duplicate of #533

c4-judge commented 1 year ago

GalloDaSballo marked the issue as satisfactory