Closed c4-bot-9 closed 9 months ago
Lines of code
https://github.com/code-423n4/2024-01-salty/blob/53516c2cdfdfacb662cdea6417c52f23c94d5b5b/src/stable/CollateralAndLiquidity.sol#L63
https://github.com/code-423n4/2024-01-salty/blob/53516c2cdfdfacb662cdea6417c52f23c94d5b5b/src/stable/CollateralAndLiquidity.sol#L64

Vulnerability details

Impact
Deployment of the `CollateralAndLiquidity` contract can revert or return zero on these lines, due to functions that do not exist in the interface of old ERC20 tokens.

Proof of Concept
```solidity
wbtcTenToTheDecimals = 10 ** IERC20Metadata(address(wbtc)).decimals();
wethTenToTheDecimals = 10 ** IERC20Metadata(address(weth)).decimals();
```
`decimals` was added later to the ERC20 interface, and not all tokens use the interface that has `decimals`.

Tools Used
Manual

Recommended Mitigation Steps
Use OpenZeppelin contracts. Limit to tokens that use the interface that has `decimals` in the function list. Or remove the lines that use `decimals`.

Assessed type
Error
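One way to apply the "limit to tokens that expose `decimals`" mitigation at deployment time, as an added example that is not part of the original submission or the Salty codebase: the constructor probes `decimals()` with a low-level `staticcall` and fails with a named error when the token does not answer. `DecimalsProbe`, `tryDecimals`, `requireDecimals`, `DecimalsUnavailable` and `CollateralDecimalsExample` are hypothetical names.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Added example. All names here are hypothetical, not taken from the project.
library DecimalsProbe {
    error DecimalsUnavailable(address token);

    // Returns (true, d) only when the token answers decimals() with at least
    // one ABI word whose value fits in uint8.
    function tryDecimals(address token) internal view returns (bool ok, uint8 value) {
        // A low-level staticcall does not bubble up the callee's revert.
        // A token without decimals() (and without a fallback) gives
        // success == false; an address with no code gives empty return data.
        (bool success, bytes memory data) =
            token.staticcall(abi.encodeWithSignature("decimals()"));
        if (!success || data.length < 32) return (false, 0);

        // Decode as uint256 first so an out-of-range word is rejected
        // instead of being truncated to uint8.
        uint256 raw = abi.decode(data, (uint256));
        if (raw > type(uint8).max) return (false, 0);
        return (true, uint8(raw));
    }

    // Reverts with a descriptive error so a failed deployment is easy to diagnose.
    function requireDecimals(address token) internal view returns (uint8) {
        (bool ok, uint8 value) = tryDecimals(token);
        if (!ok) revert DecimalsUnavailable(token);
        return value;
    }
}

contract CollateralDecimalsExample {
    uint256 public immutable wbtcTenToTheDecimals;
    uint256 public immutable wethTenToTheDecimals;

    constructor(address wbtc, address weth) {
        // Checked arithmetic in 0.8.x also reverts if 10 ** decimals overflows uint256.
        wbtcTenToTheDecimals = 10 ** uint256(DecimalsProbe.requireDecimals(wbtc));
        wethTenToTheDecimals = 10 ** uint256(DecimalsProbe.requireDecimals(weth));
    }
}
```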