search

code-423n4 / 2024-07-basin-validation

0 stars 0 forks source link

Incorrect Decimal Checking in the `Stable2::decodeWellData()` function #86

Closed c4-bot-2 closed 3 months ago

c4-bot-2 commented 3 months ago

Lines of code

https://github.com/code-423n4/2024-07-basin/blob/7d5aacbb144d0ba0bc358dfde6e0cc913d25310e/src/functions/Stable2.sol#L317

Vulnerability details

Impact

The current logic incorrectly checks decimal0 instead of decimal1. This mistake could cause unintended consequences in scenarios where the value of decimal1 needs to be checked and updated accordingly.

Proof of Concept

In the Stable2::decodeWellData() function, there are conditional checks to set default values (decimal 18) when either of the decimal values is zero.

    function decodeWellData(bytes memory data) public view virtual returns (uint256[] memory decimals) {
        (uint256 decimal0, uint256 decimal1) = abi.decode(data, (uint256, uint256));

        // if well data returns 0, assume 18 decimals.
        if (decimal0 == 0) {
            decimal0 = 18;
        }
        if (decimal0 == 0) {
            decimal1 = 18;
        }
        ... ...
    }

However, the function checks decimal0 twice instead of checking decimal1, which may result in decimal1 being incorrectly set to 18.

Therefore, in case that reserve token 1 has non-18 decimals, the funtionality of the pool will be ruined due to the whole incorrect calculations.

Tools Used

Manual Review

Recommended Mitigation Steps

decimal1 should be checked in the function:

    function decodeWellData(bytes memory data) public view virtual returns (uint256[] memory decimals) {
        (uint256 decimal0, uint256 decimal1) = abi.decode(data, (uint256, uint256));

        // if well data returns 0, assume 18 decimals.
        if (decimal0 == 0) {
            decimal0 = 18;
        }
-       if (decimal0 == 0) {
+       if (decimal1 == 0) {
            decimal1 = 18;
        }
        ... ...
    }

Assessed type

ERC20