Detailed description of the impact of this finding.
More than 18 decimals tokens are allowed in our contact so ,this will cause an error.
Proof of Concept
Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept.
@> if (bridgingDecimals < 18) {
uint256 normalizedStakingAmount = stakingIncentive / (10 * (18 - bridgingDecimals));
normalizedStakingAmount = 10 ** (18 - bridgingDecimals);
// Update return amounts
// stakingIncentive is always bigger or equal than normalizedStakingAmount
returnAmount += stakingIncentive - normalizedStakingAmount;
// Downsize staking incentive to a specified number of bridging decimals
stakingIncentive = normalizedStakingAmount;
}
f (bridgingDecimals < 18) {
uint256 normalizedAmount = amount / (10 * (18 - bridgingDecimals));
normalizedAmount = 10 ** (18 - bridgingDecimals);
// Downsize staking incentive to a specified number of bridging decimals
amount = normalizedAmount;
}
Tools Used
Recommended Mitigation Steps
they should use tokens.decimals instead of fix value of 18.
Lines of code
https://github.com/code-423n4/2024-05-olas/blob/main/tokenomics/contracts/Dispenser.sol#L1220 https://github.com/code-423n4/2024-05-olas/blob/main/tokenomics/contracts/Dispenser.sol#L931
Vulnerability details
Impact
Detailed description of the impact of this finding. More than 18 decimals tokens are allowed in our contact so ,this will cause an error.
Proof of Concept
Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept. @> if (bridgingDecimals < 18) { uint256 normalizedStakingAmount = stakingIncentive / (10 * (18 - bridgingDecimals)); normalizedStakingAmount = 10 ** (18 - bridgingDecimals); // Update return amounts // stakingIncentive is always bigger or equal than normalizedStakingAmount returnAmount += stakingIncentive - normalizedStakingAmount; // Downsize staking incentive to a specified number of bridging decimals stakingIncentive = normalizedStakingAmount; }
f (bridgingDecimals < 18) { uint256 normalizedAmount = amount / (10 * (18 - bridgingDecimals)); normalizedAmount = 10 ** (18 - bridgingDecimals); // Downsize staking incentive to a specified number of bridging decimals amount = normalizedAmount; }
Tools Used
Recommended Mitigation Steps
they should use tokens.decimals instead of fix value of 18.
Assessed type
Context