Deposit and withdraw wrong decimals of amount in contract PerpDepository
Summary
Function vault.deposit and vault.withdraw of vault in contract PerpDepository need to be passed with amount in raw decimal of tokens (is different from 18 in case using USDC, WBTC, ... as base and quote tokens). But some calls miss the conversion of decimals from 18 to token's decimal, and pass wrong decimals into them.
Vulnerability Detail
Function vault.deposit need to be passed the param amount in token's decimal (as same as vault.withdraw). You can see at function _depositAsset in the contract PerpDepository.
But there are some calls of vault.deposit and vault.withdraw that passed the amount in wrong decimal (18 decimal).
Let's see function _rebalanceNegativePnlWithSwap in contract PerpDepository:
Because function _placePerpOrder returns in decimal 18 (confirmed with sponser WarTech), this calls pass baseAmount and quoteAmount in decimal 18, inconsistent with the above call. It leads to vault using the wrong decimal when depositing and withdrawing tokens.
There is another case that use vault.withdraw with the wrong decimal (same as this case) in function _rebalanceNegativePnlLite:
## Impact
Because of calling `vault.deposit` and `vault.withdraw` with wrong decimal of the param amount, the protocol can lose a lot of funds. And some functionalities of the protocol can be broken cause it might revert by not enough allowance when calling these functions.
## Code Snippet
https://github.com/sherlock-audit/2023-01-uxd/blob/main/contracts/integrations/perp/PerpDepository.sol#L498
https://github.com/sherlock-audit/2023-01-uxd/blob/main/contracts/integrations/perp/PerpDepository.sol#L524
https://github.com/sherlock-audit/2023-01-uxd/blob/main/contracts/integrations/perp/PerpDepository.sol#L638
## Tools used
Manual review
## Recommendation
Should convert the param `amount` from decimal 18 to token's decimal before `vault.deposit` and `vault.withdraw`.
duc
high
Deposit and withdraw wrong decimals of amount in contract
PerpDepositorySummary
Function
vault.depositandvault.withdrawof vault in contractPerpDepositoryneed to be passed with amount in raw decimal of tokens (is different from 18 in case using USDC, WBTC, ... as base and quote tokens). But some calls miss the conversion of decimals from 18 to token's decimal, and pass wrong decimals into them.Vulnerability Detail
Function
vault.depositneed to be passed the param amount in token's decimal (as same asvault.withdraw). You can see at function_depositAssetin the contract PerpDepository.But there are some calls of
vault.depositandvault.withdrawthat passed the amount in wrong decimal (18 decimal). Let's see function_rebalanceNegativePnlWithSwapin contract PerpDepository:Because function
_placePerpOrderreturns in decimal 18 (confirmed with sponser WarTech), this calls passbaseAmountandquoteAmountin decimal 18, inconsistent with the above call. It leads to vault using the wrong decimal when depositing and withdrawing tokens.vault.withdrawwith the wrong decimal (same as this case) in function_rebalanceNegativePnlLite:(uint256 baseAmount, uint256 quoteAmount) = _placePerpOrder( normalizedAmount, isShort, amountIsInput, sqrtPriceLimitX96 ); vault.withdraw(assetToken, baseAmount);
...