search

hats-finance / Convergence-Finance---IBO-0x0e410e7af8e70fc5bffcdbfbdf1673ee7b3d0777

IBO, Vesting & Bond mecanism repo prepared for Hat finance audit competition
0 stars 0 forks source link

decimals() is not a part of the ERC-20 standard #87

Open hats-bug-reporter[bot] opened 10 months ago

hats-bug-reporter[bot] commented 10 months ago

Github username: @saidqayoumsadat Submission hash (on-chain): 0xfe0fae9c4c1fa38373b80cab8368ba557914fb700c56bebd46176aba04bef23d Severity: low

Description: Description

The decimals() function is not a part of the ERC-20 standard, and was added later as an optional extension. As such, some valid ERC20 tokens do not support this interface, so it is unsafe to blindly cast all tokens to this interface, and then call this function.

file: /contracts/Oracles/CvgOracle.sol

212       uint256 token0Decimals = IERC20Metadata(IUniswapV3Pool(uniswapPool).token0()).decimals();

213        uint256 token1Decimals = IERC20Metadata(IUniswapV3Pool(uniswapPool).token1()).decimals();

https://github.com/Cvg-Finance/hats-audit/blob/da48577d2f42fa8c2e35bb7223208ea6ba88012e/contracts/Oracles/CvgOracle.sol#L212-L213

file: /contracts/PresaleVesting/Ibo.sol

291            token: ERC20View({decimals: token.decimals(), token: token.symbol(), tokenAddress: address(token)}),

https://github.com/Cvg-Finance/hats-audit/blob/da48577d2f42fa8c2e35bb7223208ea6ba88012e/contracts/PresaleVesting/Ibo.sol#L291

0xR3vert commented 9 months ago

Hello, Thanks a lot for your attention. We will only use token that follow the erc20 standards. In conclusion we have so to consider this issue as invalid.