search

code-423n4 / 2024-07-basin-validation

0 stars 0 forks source link

Incorrectly checking for `decimal1` with `decimal0`. #107

Closed c4-bot-4 closed 3 months ago

c4-bot-4 commented 3 months ago

Lines of code

https://github.com/code-423n4/2024-07-basin/blob/main/src/functions/Stable2.sol#L317

Vulnerability details

In the Stable2.sol contract the decodeWellData function responsible for decoding and validating token decimals from input data. And the function is intended to decode token decimals from the provided data and set default values if they are zero. However the function mistakenly checked decimal0 twice, which could lead to incorrect handling of decimal1 if it is set to 0.

Impact

decimal1 might incorrectly set to 0 instead of 18.

Proof of Concept

https://github.com/code-423n4/2024-07-basin/blob/main/src/functions/Stable2.sol#L317

Tools Used

Manual review.

Recommended Mitigation Steps

Consider replace decimal0 to decimal1 in below function.

 function decodeWellData(bytes memory data) public view virtual returns (uint256[] memory decimals) {
        (uint256 decimal0, uint256 decimal1) = abi.decode(data, (uint256, uint256));

        // if well data returns 0, assume 18 decimals.
        if (decimal0 == 0) {
            decimal0 = 18;
        }
-        if (decimal0 == 0) {
+        if (decimal1 == 0) {
            decimal1 = 18;
        }
        if (decimal0 > 18 || decimal1 > 18) revert InvalidTokenDecimals();

        decimals = new uint256[](2);
        decimals[0] = decimal0;
        decimals[1] = decimal1;
    }

Assessed type

Decimal