Open hats-bug-reporter[bot] opened 5 months ago
The amountIn for a token with 6 decimals would be in 1e6, it would make no sense to derive an 1e18 amount for a token with more. Thus they cancel out fine, I too asked the sponsor about this since it seemed quite sus.
I agree that we should have a check that our baseAsset is WETH but it was never our intention to support anything but in this version as you can find in the readme in the root of repo. The only supported baseAsset is WETH. For this, we will consider it a valid but low finding.
Github username: -- Twitter username: -- Submission hash (on-chain): 0xe2da70c2745ee851e320312ebf772eb9ab0b40ee8d8f676da5e27c281e478e2d Severity: high
Description: Description\ When a call to
getRebalanceVaueStats
is done we have the following.You'll notice that the comment above
outEthValue
statesIf
destinationOut == lmpVaultAddress
ordestinationIn == lmpVaultAddress
we returnparam.amountIn/params.amountOut
This assumes that the underlying token for
LMPVault
is in 18 decimals, but that may not be the case, as there is nothing enforcing this if we look at the constructor forLMPVault
Attack Scenario\
Attachments
Proof of Concept (PoC) File
Revised Code File (Optional) Scale up/down
params.amountIn/params.amountOut
depending on what the underlying token decimals are so they are in 1e18 precision.