Deivitto - Pools can't get deployed for certain tokens

[github-actions[bot]]

Deivitto

medium

Pools can't get deployed for certain tokens

Summary

Can't deploy pools for tokens with more than 18 decimals

Vulnerability Detail

There are a different values used within ERC20 tokens, standard is 18. If someone tries to add a token with more decimals, it will revert due to non being compatible with this tokens.

This issue happens both, with quote and collateral tokens

function deployPool(
address collateral_, address quote_, uint256 interestRate_
) external canDeploy(ERC20_NON_SUBSET_HASH, collateral_, quote_, interestRate_) returns (address pool_) {
        uint256 quoteTokenScale = 10 ** (18 - IERC20Token(quote_).decimals());
        uint256 collateralScale = 10 ** (18 - IERC20Token(collateral_).decimals());
        // ...

Impact

Process fail when asset from quote.decimals() or collateral.decimals() is bigger than 18 due to underflow revert.

Code Snippet

• ERC20PoolFactory.sol#L53 uint256 quoteTokenScale = 10 ** (18 - IERC20Token(quote_).decimals());

• ERC20PoolFactory.sol#L54 uint256 collateralScale = 10 ** (18 - IERC20Token(collateral_).decimals());

• ERC721PoolFactory.sol#L57 uint256 quoteTokenScale = 10**(18 - IERC20Token(quote_).decimals());

Tool used

Manual analysis

Recommendation

Add compatibility or explicitly add a check that decimals() <= 18 in canDeploy modifier

Duplicate of #123