configuredTokens[configuredTokenContracts[i]].decimals can be greater than 18. In that case the subtraction 18 - decimals underflows, which causes getLockedWeightedValue to fail.
As defined in the context, ERC20 tokens with more than 18 decimals and tokens with fewer than 6 decimals are allowed.
Proof of Concept
function getLockedWeightedValue(
    address _player
) external view returns (uint256 _lockedWeightedValue) {
    uint256 lockedWeighted = 0;
    uint256 configuredTokensLength = configuredTokenContracts.length;
    for (uint256 i; i < configuredTokensLength; i++) {
        if (
            lockedTokens[_player][configuredTokenContracts[i]].quantity >
            0 &&
            configuredTokens[configuredTokenContracts[i]].active
        ) {
            // We are assuming all tokens have a maximum of 18 decimals and that USD Price is denoted in 1e18
            // @>> 18 - decimals underflows when decimals > 18
            uint256 deltaDecimal = 10 **
                (18 -
                    configuredTokens[configuredTokenContracts[i]].decimals);
            lockedWeighted +=
                (deltaDecimal *
                    lockedTokens[_player][configuredTokenContracts[i]]
                        .quantity *
                    configuredTokens[configuredTokenContracts[i]]
                        .usdPrice) /
                1e18;
        }
    }
    _lockedWeightedValue = lockedWeighted;
}
Lines of code
https://github.com/code-423n4/2024-05-munchables/blob/main/src/managers/LockManager.sol#L474
Vulnerability details
Tools Used
Recommended Mitigation Steps
We should not keep 18 as a constant.
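One way to drop the fixed 18 assumption, shown as an added example that is not code from LockManager.sol or from the report's author. The library name DecimalScaling and the function weightedValue are hypothetical; usdPrice is assumed to be 1e18-scaled as in the snippet above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration; names are hypothetical, not taken from LockManager.sol.
library DecimalScaling {
    /// @notice USD value (1e18-scaled) of `quantity` raw token units.
    /// @param quantity Token amount in the token's own smallest unit.
    /// @param usdPrice Price of one whole token, scaled by 1e18.
    /// @param decimals The token's configured decimals; may be above or below 18.
    function weightedValue(
        uint256 quantity,
        uint256 usdPrice,
        uint8 decimals
    ) internal pure returns (uint256) {
        if (decimals <= 18) {
            // Same arithmetic as the original loop body: scale up to 18 decimals.
            uint256 scaleUp = 10 ** (18 - uint256(decimals));
            return (scaleUp * quantity * usdPrice) / 1e18;
        }
        // decimals > 18: 18 - decimals would underflow, so scale down instead.
        // Multiply before dividing to limit precision loss.
        // Note: 10 ** (decimals - 18) itself overflows uint256 once decimals > 95,
        // so an upper bound on decimals at configuration time is still needed.
        uint256 scaleDown = 10 ** (uint256(decimals) - 18);
        return (quantity * usdPrice) / scaleDown / 1e18;
    }
}
```

Both branches compute quantity * usdPrice / 10^decimals, so the result for tokens with 18 or fewer decimals is unchanged from the original expression.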
Assessed type
Context