Closed c4-bot-10 closed 6 months ago
0xEVom marked the issue as sufficient quality report
0xEVom marked the issue as insufficient quality report
Price is denominated in wei, not in the decimals of the assets.
jhsagd76 marked the issue as unsatisfactory: Invalid
Lines of code
https://github.com/code-423n4/2024-03-revert-lend/blob/main/src/V3Oracle.sol#L359-#L374
Vulnerability details
Vulnerability detail
Function
_getReferencePoolPriceX96()
is used to return price of the pool:It is assumed that both tokens have same decimals. If a pool have 2 tokens that have decimals (example: weth/usdc), price return will be bigger alot than it should. Issue that related to different decimals is also discussed at here
Impact
Price will be wrongly returned, lead to unexpected result
Tools Used
Manual review
Recommended Mitigation Steps
Checking decimals of both tokens in the pool and adjust the price returned based on them
Assessed type
Other