Lines of code
https://github.com/Tapioca-DAO/tapioca-bar-audit/blob/2286f80f928f41c8bc189d0657d74ba83286c668/contracts/markets/singularity/SGLCommon.sol#L103
Vulnerability details
Description
The 'SGLCommon' contract contains a critical vulnerability in the interest accrual calculation, particularly in the computation of the 'extraAmount' used for accruing interest. The flaw arises from always dividing by 1e18, disregarding the number of decimals the token possesses. This approach introduces significant precision errors, resulting in incorrect interest accrual calculations and potential financial discrepancies for users.
The 'extraAmount' is a crucial factor in determining the interest rates and amounts applied to user holdings. However, by consistently dividing by 1e18 without considering the token's specific decimal precision, the contract produces erroneous results. Tokens with different decimal places require adjusted division factors to maintain accurate interest calculations.
Proof of concept and Impact
Exploiting this vulnerability, attackers can manipulate the interest accrual mechanism, causing incorrect interest rates or misleading users regarding their actual interest earnings or debt.
1) Exploiting the Vulnerability:
Trigger the interest accrual process for tokens with various decimal places.
Observe the 'extraAmount' calculation during the accrual phase, always dividing by 1e18.
Note that the 'extraAmount' will be incorrect for tokens with decimals other than 18.
2) Impact:
Incorrect interest rates and amounts for tokens with decimal places different from 18.
Misleading interest accrual information for users.
Mitigation
To address this vulnerability, modify the interest accrual calculation within the 'SGLCommon' contract to dynamically adjust the division factor based on the token's decimal precision. Consider implementing a function to fetch the token's decimal places and use it in the calculation to ensure accurate and precise interest accrual.
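The truncation the finding describes, as an added Python example that is not the project's code: it assumes the accrual has the shape principal * ratePerSecond * elapsed / 1e18 with a 1e18-scaled per-second rate (the finding only states the constant divisor), and the decimals-aware class is one assumed way to implement the mitigation, not the project's. It shows that with the fixed divisor a 6-decimal token accruing every second credits zero interest for a whole day, while an 18-decimal token accrues correctly.

```python
WAD = 10**18  # the fixed divisor the finding says the accrual always uses


def extra_amount_fixed(principal: int, rate_per_sec_wad: int, elapsed: int) -> int:
    """Accrual step as the finding describes it: integer math, always divided by 1e18.
    `principal` is in the token's smallest unit, `rate_per_sec_wad` is a 1e18-scaled
    per-second rate. Any result below one smallest unit is truncated to zero."""
    return principal * rate_per_sec_wad * elapsed // WAD


class DecimalsAwareAccrual:
    """One assumed shape for the mitigation (not the project's code): normalise the
    principal to 18 decimals before multiplying, and carry the sub-unit remainder
    between calls so low-decimal tokens do not lose interest to truncation."""

    def __init__(self, decimals: int) -> None:
        if decimals > 18:
            raise ValueError("tokens with more than 18 decimals are not handled here")
        self.scale = 10 ** (18 - decimals)  # 1 for an 18-decimal token, 1e12 for 6
        self.remainder_wad = 0              # interest earned but not yet a whole unit

    def extra_amount(self, principal: int, rate_per_sec_wad: int, elapsed: int) -> int:
        extra_wad = principal * self.scale * rate_per_sec_wad * elapsed // WAD
        paid, self.remainder_wad = divmod(extra_wad + self.remainder_wad, self.scale)
        return paid  # whole smallest units actually credited on this call


def simulate(principal: int, rate_per_sec_wad: int, decimals: int,
             step: int, horizon: int, decimals_aware: bool) -> int:
    """Total interest credited over `horizon` seconds when accrual runs every `step`
    seconds. Simple interest: the principal is held constant between calls."""
    acc = DecimalsAwareAccrual(decimals)
    total = 0
    for _ in range(horizon // step):
        if decimals_aware:
            total += acc.extra_amount(principal, rate_per_sec_wad, step)
        else:
            total += extra_amount_fixed(principal, rate_per_sec_wad, step)
    return total


# Constructed inputs: roughly 1% APR as a 1e18-scaled per-second rate, 1,000 tokens.
RATE_WAD = 317_097_920
DAY = 86_400
USDC_LIKE = 1_000 * 10**6    # 6-decimal token
DAI_LIKE = 1_000 * 10**18    # 18-decimal token

if __name__ == "__main__":
    print("6 dec, per-second, fixed /1e18  :", simulate(USDC_LIKE, RATE_WAD, 6, 1, DAY, False))
    print("6 dec, once a day, fixed /1e18  :", simulate(USDC_LIKE, RATE_WAD, 6, DAY, DAY, False))
    print("6 dec, per-second, decimals-aware:", simulate(USDC_LIKE, RATE_WAD, 6, 1, DAY, True))
    print("18 dec, per-second, fixed /1e18 :", simulate(DAI_LIKE, RATE_WAD, 18, 1, DAY, False))
```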
Assessed type
Decimal