The function `configureToken` accepts tokens with any number of decimals, including more or fewer than 18. This is problematic because `getLockedWeightedValue` assumes that every token has 18 decimals, as the protocol's own comment states: "// We are assuming all tokens have a maximum of 18 decimals and that USD Price is denoted in 1e18". A configured token with a different `decimals` value therefore causes `getLockedWeightedValue` to compute an incorrect weighted value.
```solidity
// struct ConfiguredToken consists of (usdPrice, nftCost, decimals, active)
function configureToken(
    address _tokenContract,
    ConfiguredToken memory _tokenData
) external onlyAdmin {
    if (_tokenData.nftCost == 0) revert NFTCostInvalidError();
    if (configuredTokens[_tokenContract].nftCost == 0) {
        // new token
        configuredTokenContracts.push(_tokenContract);
    }
    // _tokenData.decimals is stored as supplied: there is no check that it is 18
    configuredTokens[_tokenContract] = _tokenData;
    emit TokenConfigured(_tokenContract, _tokenData);
}
```
Lines of code

https://github.com/code-423n4/2024-05-munchables/blob/57dff486c3cd905f21b330c2157fe23da2a4807d/src/managers/LockManager.sol#L98-L112
https://github.com/code-423n4/2024-05-munchables/blob/57dff486c3cd905f21b330c2157fe23da2a4807d/src/managers/LockManager.sol#L461-L487
Vulnerability details
Impact
The function `configureToken` accepts tokens with any number of decimals, including more or fewer than 18. This is problematic because `getLockedWeightedValue` assumes that every token has 18 decimals, as the protocol's own comment states: "// We are assuming all tokens have a maximum of 18 decimals and that USD Price is denoted in 1e18". Once a token with a different `decimals` value is configured, `getLockedWeightedValue` computes an incorrect weighted value for any amount locked in that token.

Proof of Concept
There is a coded PoC in github.
Tools Used
Manual Review, Foundry
Recommended Mitigation Steps
Add a check in `configureToken` that rejects tokens whose decimals differ from what `getLockedWeightedValue` assumes, e.g. `require(_tokenData.decimals == 18)`; alternatively, specify exactly which decimal values are supported and normalise amounts accordingly.

Assessed type
Decimal
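The following Python model is an added example and is not code from the Munchables repository. It reproduces the arithmetic the protocol comment describes (token amounts priced by a USD price scaled to 1e18) so that the effect of a token with 6 decimals on the weighted value can be seen, and it includes the recommended `decimals == 18` check in the configuration step next to a normalising variant. The pricing formula `quantity * usdPrice / 1e18`, the token addresses and the prices are assumptions constructed for the demonstration; `LockManager.getLockedWeightedValue` may differ in detail.

```python
"""Model of the 18-decimals assumption behind getLockedWeightedValue.

Added example, not the project's code. The formula quantity * usdPrice / 1e18
is an assumption about how the weighted value is computed.
"""
from dataclasses import dataclass

ONE_E18 = 10 ** 18


@dataclass
class ConfiguredToken:
    usd_price: int  # USD price of one whole token, scaled by 1e18
    nft_cost: int
    decimals: int
    active: bool


class NFTCostInvalidError(ValueError):
    pass


class DecimalsInvalidError(ValueError):
    pass


def configure_token(configured, addr, data, enforce_decimals=False):
    """Mirror of configureToken. With enforce_decimals=True it applies the
    recommended require(_tokenData.decimals == 18) check; with False it
    stores whatever decimals value the admin supplied, as the contract does."""
    if data.nft_cost == 0:
        raise NFTCostInvalidError(addr)
    if enforce_decimals and data.decimals != 18:
        raise DecimalsInvalidError(f"{addr}: decimals must be 18, got {data.decimals}")
    configured[addr] = data


def weighted_value_as_written(configured, locked):
    """Weighted USD value assuming every token has 18 decimals (assumed formula)."""
    total = 0
    for addr, qty in locked.items():
        tok = configured[addr]
        if tok.active:
            total += qty * tok.usd_price // ONE_E18
    return total


def weighted_value_normalised(configured, locked):
    """Same calculation, but each raw quantity is scaled to 18 decimals first.
    This is one way to support other decimals safely; the report's simpler
    recommendation is to reject decimals != 18 in configure_token."""
    total = 0
    for addr, qty in locked.items():
        tok = configured[addr]
        if not tok.active:
            continue
        if tok.decimals <= 18:
            qty18 = qty * 10 ** (18 - tok.decimals)
        else:
            qty18 = qty // 10 ** (tok.decimals - 18)
        total += qty18 * tok.usd_price // ONE_E18
    return total


def demo():
    """Lock 100 whole units of an 18-decimal token priced at $2 and 100 whole
    units of a 6-decimal token priced at $1 (constructed values). Returns the
    value as the contract would compute it and the correctly normalised value."""
    configured = {}
    configure_token(configured, "0xTOKEN18", ConfiguredToken(2 * ONE_E18, 5, 18, True))
    configure_token(configured, "0xTOKEN06", ConfiguredToken(1 * ONE_E18, 5, 6, True))
    locked = {
        "0xTOKEN18": 100 * 10 ** 18,  # 100 units of an 18-decimal token
        "0xTOKEN06": 100 * 10 ** 6,   # 100 units of a 6-decimal token
    }
    return weighted_value_as_written(configured, locked), weighted_value_normalised(configured, locked)


if __name__ == "__main__":
    as_written, correct = demo()
    print("as written :", as_written)   # 200e18 + 100e6: the $100 lock counts as ~$0.0000000001
    print("normalised :", correct)      # 300e18
```

With the 6-decimal token the locked $100 contributes 100e6 instead of 100e18 to the weighted value, an undervaluation by a factor of 1e12; a token with more than 18 decimals would be overvalued by the same mechanism. `configure_token(..., enforce_decimals=True)` refuses such a token at configuration time, which is the report's recommended fix.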