TwoTokenPoolMixin.sol : the token's decimals could not be same. Calculation based on token decimal will not give correct result.
Summary
TwoTokenPoolMixin.sol : the token's decimals could not be same.
Vulnerability Detail
In TwoTokenPoolMixin.sol, primary and secondary token's decimals are set by checking that they should be <= 18. But they can be different.
When they are different, the calculation based on decimal values will not be correct.
Impact
The calculation based on primary and secondary decimals will not give correct result.
ak1
high
TwoTokenPoolMixin.sol : the token's decimals could not be same. Calculation based on token decimal will not give correct result.
Summary
TwoTokenPoolMixin.sol : the token's decimals could not be same.
Vulnerability Detail
In
TwoTokenPoolMixin.sol, primary and secondary token's decimals are set by checking that they should be <= 18. But they can be different. When they are different, the calculation based on decimal values will not be correct.Impact
The calculation based on primary and secondary decimals will not give correct result.
Code Snippet
https://github.com/sherlock-audit/2022-09-notional/blob/main/leveraged-vaults/contracts/vaults/balancer/mixins/TwoTokenPoolMixin.sol#L56-L66
Tool used
Manual Review
Recommendation
Add validation to check whether both of the token decimals are equal. or Do normalization of data based on the decimals while using them.
Duplicate of #88