code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-04-caviar/blob/cd8a92667bcb6657f70657183769c244d04c015c/src/PrivatePool.sol#L733

Vulnerability details

PrivatePool.change does a call to changeFeeQuote() to calculate the fee amount.

It computes an exponent as ERC20(baseToken).decimals() - 4

File: src/PrivatePool.sol
731: function changeFeeQuote(uint256 inputAmount) public view returns (uint256 feeAmount, uint256 protocolFeeAmount) {
732:         // multiply the changeFee to get the fee per NFT (4 decimals of accuracy)
733:         uint256 exponent = baseToken == address(0) ? 18 - 4 : ERC20(baseToken).decimals() - 4;

This will revert for tokens with decimals less than 4. EURS is an example of such token, as it has 2 decimals.

Impact

The change function is not available for pools with a baseToken with less than 4 decimals. This means reduced functionality available for such pools.

Tools Used

Manual Analysis

Mitigation

Either change the changeFeeQuote() functionality to work with tokens with less than 4 decimals, or ensure there is a check in Factory to prevent the creation of pools with a _baseToken with less than 4 decimals

c4-pre-sort commented 1 year ago

0xSorryNotSorry marked the issue as duplicate of #858

c4-judge commented 1 year ago

GalloDaSballo marked the issue as satisfactory

code-423n4 / 2023-04-caviar-findings

`PrivatePool.change` does not work with token with less than 4 decimals #959

Lines of code

Vulnerability details

Impact

Tools Used

Mitigation