c4-pre-sort
commented
9 months ago raymondfam marked the issue as insufficient quality report
Closed c4-bot-7 closed 9 months ago
c4-pre-sort
commented
9 months ago raymondfam marked the issue as insufficient quality report
c4-pre-sort
commented
9 months ago raymondfam marked the issue as duplicate of #135
c4-judge
commented
9 months ago 0xA5DF marked the issue as unsatisfactory: Invalid
Lines of code
https://github.com/code-423n4/2023-11-shellprotocol/blob/485de7383cdf88284ee6bcf2926fb7c19e9fb257/src/adapters/OceanAdapter.sol#L154-L157
Vulnerability details
Impact
The identified issue within the _convertDecimals function in the Shell Protocol could lead to a loss of value due to decimal truncation during token conversions. This situation is particularly critical in the context of Shell Protocol's operations, which involve managing various tokens with different decimal precisions. The truncation issue can result in small but accumulative discrepancies in user balances, affecting the accuracy and fairness of transactions within the protocol.
Proof of Concept
Let's consider an example with two users, Alice and Bob, interacting with the Shell Protocol:
Tools Used
Recommended Mitigation Steps
Given the context of the Shell Protocol, the following specific steps are suggested to mitigate the impact:
Protocol-Specific Rounding Policy: Implement a rounding policy tailored to the Shell Protocol's operational model. This could involve rounding up to the nearest unit in certain scenarios or providing a mechanism to handle fractional remnants in a way that aligns with the protocol's objectives.
Balance Adjustment Mechanism: Develop a system within the protocol to track and adjust for lost value due to truncation. For example, creating a pool that accumulates fractional amounts and redistributes them under specific conditions.
Assessed type
Decimal