The function decodeWellData() is utilized throughout the codebase to decode decimals from the provided data bytes. This process is crucial for standardizing tokens with varying decimals to a uniform 1e18 scale, which is done by getScaledReserves(). While the function correctly adjusts a token's decimal to 18 if its value is zero, it fails to properly check the decimal value of the second token due to an incorrect comparison.
function decodeWellData(/*...*/) public view virtual returns (/*...*/) {
//....
//@audit Incorrect comparison, correct statement should be `decimal1 == 0`
if (decimal0 == 0) {
decimal1 = 18;
}
//....
}
Impact
This issue causes incorrect calculations whenever a token with a zero decimal is evaluated as the second token. This could lead to significant discrepancies in the output values, potentially affecting the overall accuracy of operations that rely on this function.
Proof of Concept
Below are the test results from Stable2.t.sol, illustrating the discrepancy between expected and actual values when the second token’s decimal is set to zero.
function test_calcLpTokenSupply_diffDecimals()
//Keeping rest every variable same
//ActualValue = 398_000_083_749_971_996_546_125
//ExpectedValue = 3_174_550_119_730_348
Function like testFuzz_calcLpTokenSupply(), testFuzz_stableSwap() will also fail while testing with zero value decimal.
Tools Used
Manual review and Fuzz testing
Recommended Mitigation Steps
Replace the incorrect if statement with the correct condition: decimal1 == 0. This ensures that the second token's decimal value is correctly adjusted when it is zero.
Lines of code
https://github.com/code-423n4/2024-07-basin/blob/main/src/functions/Stable2.sol#L317-L319
Vulnerability details
Description
The function
decodeWellData()is utilized throughout the codebase to decode decimals from the provideddatabytes. This process is crucial for standardizing tokens with varying decimals to a uniform 1e18 scale, which is done bygetScaledReserves(). While the function correctly adjusts a token's decimal to 18 if its value is zero, it fails to properly check the decimal value of the second token due to an incorrect comparison.Impact
This issue causes incorrect calculations whenever a token with a zero decimal is evaluated as the second token. This could lead to significant discrepancies in the output values, potentially affecting the overall accuracy of operations that rely on this function.
Proof of Concept
Below are the test results from
Stable2.t.sol, illustrating the discrepancy between expected and actual values when the second token’s decimal is set to zero.Function like
testFuzz_calcLpTokenSupply(),testFuzz_stableSwap()will also fail while testing with zero value decimal.Tools Used
Manual review and Fuzz testing
Recommended Mitigation Steps
Replace the incorrect
ifstatement with the correct condition:decimal1 == 0. This ensures that the second token's decimal value is correctly adjusted when it is zero.Assessed type
Invalid Validation