search

code-423n4 / 2022-12-tigris-findings

8 stars 4 forks source link

Upgraded Q -> M from #658 [1674423108320] #674

Closed c4-judge closed 1 year ago

c4-judge commented 1 year ago

Judge has assessed an item in Issue #658 as M risk. The relevant finding follows:

[L-05] MARGIN ASSET TOKENS WITH MORE THAN 18 DECIMALS ARE NOT SUPPORTED As shown below, arithmetic operations of the StableVault.deposit, StableVault.withdraw, Trading._handleDeposit, and Trading._handleWithdraw functions that subtract the margin asset tokens' decimals will underflow if these decimals are more than 18; in this case, calling these functions will revert. This means that the protocol cannot scale to support margin asset tokens that have more than 18 decimals in the future. To prevent the described issue, please consider updating these functions' arithmetic operations to use divisions that divide 1018 by 10n, where n is the corresponding token decimals instead of subtracting such token decimals from 18.

https://github.com/code-423n4/2022-12-tigris/blob/main/contracts/StableVault.sol#L44-L51

function deposit(address _token, uint256 _amount) public {
    ...
    IERC20Mintable(stable).mintFor(
        _msgSender(),
        _amount*(10**(18-IERC20Mintable(_token).decimals()))
    );
}

https://github.com/code-423n4/2022-12-tigris/blob/main/contracts/StableVault.sol#L65-L72

function withdraw(address _token, uint256 _amount) external returns (uint256 _output) {
    ...
    _output = _amount/10**(18-IERC20Mintable(_token).decimals());
    ...
}

https://github.com/code-423n4/2022-12-tigris/blob/main/contracts/Trading.sol#L643-L659

function _handleDeposit(address _tigAsset, address _marginAsset, uint256 _margin, address _stableVault, ERC20PermitData calldata _permitData, address _trader) internal {
    ...
    if (_tigAsset != _marginAsset) {
        ...
        uint _marginDecMultiplier = 10**(18-ExtendedIERC20(_marginAsset).decimals());
        ...
    } else {
        ...
    }        
}

https://github.com/code-423n4/2022-12-tigris/blob/main/contracts/Trading.sol#L668-L678

function _handleWithdraw(IPosition.Trade memory _trade, address _stableVault, address _outputToken, uint _toMint) internal {
    ...
    if (_outputToken == _trade.tigAsset) {
        ...
    } else {
        ...
        if (IERC20(_outputToken).balanceOf(address(this)) != _balBefore + _toMint/(10**(18-ExtendedIERC20(_outputToken).decimals()))) revert BadWithdraw();
        ...
    }        
}
c4-judge commented 1 year ago

GalloDaSballo marked the issue as duplicate of #533

c4-judge commented 1 year ago

GalloDaSballo marked the issue as satisfactory