Closed sherlock-admin2 closed 1 year ago
ali_shehab
high
The contract assumes that all tokens that will be used will be 18 decimals however, it will use all tokens that are supported by uni swap v3 which may not be 18 decimals.
See summary
Complete wrong multiplication and division.
https://github.com/sherlock-audit/2023-10-real-wagmi/blob/main/wagmi-leverage/contracts/libraries/Constants.sol#L15C13-L15C20
function collectProtocol(address recipient, address[] calldata tokens) external onlyOwner { uint256[] memory amounts = new uint256[](tokens.length); for (uint256 i; i < tokens.length; ) { address token = tokens[i]; uint256 amount = platformsFeesInfo[token] / Constants.COLLATERAL_BALANCE_PRECISION; if (amount > 0) { platformsFeesInfo[token] = 0; amounts[i] = amount; Vault(VAULT_ADDRESS).transferToken(token, recipient, amount); } unchecked { ++i; } } emit CollectProtocol(recipient, tokens, amounts); }
function checkDailyRateCollateral( bytes32 borrowingKey ) external view returns (int256 balance, uint256 estimatedLifeTime) { (, balance, estimatedLifeTime) = _getDebtInfo(borrowingKey); balance /= int256(Constants.COLLATERAL_BALANCE_PRECISION); }
uint256 public constant COLLATERAL_BALANCE_PRECISION = 1e18;
Manual Review
use other way to get the decimals
Duplicate of #176
ali_shehab
high
Assuming all tokens are 18 decimals
Summary
The contract assumes that all tokens that will be used will be 18 decimals however, it will use all tokens that are supported by uni swap v3 which may not be 18 decimals.
Vulnerability Detail
See summary
Impact
Complete wrong multiplication and division.
Code Snippet
https://github.com/sherlock-audit/2023-10-real-wagmi/blob/main/wagmi-leverage/contracts/libraries/Constants.sol#L15C13-L15C20
Tool used
Manual Review
Recommendation
use other way to get the decimals
Duplicate of #176