ak1 - Boosted3TokenPoolMixin.sol : Three token's decimal could be different. The further calculation based on these decimal value will not be correct. #140
Boosted3TokenPoolMixin.sol : Three token's decimal could be different. The further calculation based on these decimal value will not be correct.
Summary
Three token's decimal could be different. The further calculation based on these decimal value will not be correct.
Vulnerability Detail
During the three token price mixings, the toke decimals for all tokens are validated such that whetehr they are lesser then or equal to 18.
But the token decimals can be different. It is not always guaranteed that the token decimal will be same.
Impact
decimal based data calculations will not be valid.
ak1
high
Boosted3TokenPoolMixin.sol : Three token's decimal could be different. The further calculation based on these decimal value will not be correct.
Summary
Three token's decimal could be different. The further calculation based on these decimal value will not be correct.
Vulnerability Detail
During the three token price mixings, the toke decimals for all tokens are validated such that whetehr they are lesser then or equal to 18. But the token decimals can be different. It is not always guaranteed that the token decimal will be same.
Impact
decimal based data calculations will not be valid.
Code Snippet
https://github.com/sherlock-audit/2022-09-notional/blob/main/leveraged-vaults/contracts/vaults/balancer/mixins/Boosted3TokenPoolMixin.sol#L82-L100
Tool used
Manual Review
Recommendation
Either validate the three decimal values all are equal to 18. or do price normalization by considering the decimals values.