Closed robertleifke closed 1 month ago
Ensure that all data from user-provided inputs is validated. Write unit tests specifically targeting these inputs to confirm that appropriate protections are in place within the system. This will prevent unexpected behavior from unexpected inputs.
Merged PR to validate decimal values on both token0 and token1.
Description:
Users can create pools with decimals that do not reflect the actual decimals the tokens have. This results in the arithmetic being calculated incorrectly.
The Factory contract allows users to set the decimal values for both token0 and token1 tokens in the resulting Lendgine contract when the users call the createLendgine function. The contract does not validate whether these decimal values match the actual number of decimals the token has, allowing an attacker to specify any number between zero and 18.
Action Items:
token0 and token1 while creating a new Lendgine contract, instead of relying on a user-provided input.
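One way to take the decimals from the tokens rather than from the caller, as an added example that is not part of the original issue and not the project's merged fix. `TokenDecimals`, `FactorySketch`, `decimalsOf` and the error and event names are hypothetical, and the actual Lendgine deployment is assumed to happen where the comment indicates.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

/// Added illustration, not the project's Factory. Every name except token0,
/// token1 and createLendgine is hypothetical.
library TokenDecimals {
    error DecimalsUnavailable(address token);
    error DecimalsOutOfRange(address token, uint256 reported);

    uint256 internal constant MAX_DECIMALS = 18; // upper bound stated in the issue

    /// Reads decimals() from the token itself. decimals() is optional in
    /// ERC-20, so a low-level staticcall is used and every failure mode
    /// reverts rather than falling back to a guessed value.
    function read(address token) internal view returns (uint8) {
        if (token.code.length == 0) revert DecimalsUnavailable(token); // EOA or undeployed
        (bool ok, bytes memory ret) = token.staticcall(abi.encodeWithSignature("decimals()"));
        if (!ok || ret.length < 32) revert DecimalsUnavailable(token);
        uint256 reported = abi.decode(ret, (uint256)); // decode wide: no silent truncation
        if (reported > MAX_DECIMALS) revert DecimalsOutOfRange(token, reported);
        return uint8(reported);
    }
}

contract FactorySketch {
    struct Decimals { uint8 token0; uint8 token1; bool set; }
    mapping(address => mapping(address => Decimals)) public decimalsOf;

    error SameToken();
    error AlreadyCreated();

    event LendgineCreated(address indexed token0, address indexed token1, uint8 decimals0, uint8 decimals1);

    /// No decimals parameters: the caller cannot influence the values used for scaling.
    function createLendgine(address token0, address token1) external {
        if (token0 == token1) revert SameToken();
        if (decimalsOf[token0][token1].set) revert AlreadyCreated();
        uint8 d0 = TokenDecimals.read(token0);
        uint8 d1 = TokenDecimals.read(token1);
        decimalsOf[token0][token1] = Decimals(d0, d1, true);
        // Assumption: the real factory would deploy the Lendgine here with d0 and d1.
        emit LendgineCreated(token0, token1, d0, d1);
    }
}
```

The value is still whatever the token contract reports, so this removes the caller as a source of wrong decimals but does not make an untrusted token trustworthy. Unit tests for it would cover a token without `decimals()`, a non-contract address, and a token reporting more than 18.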