search

sherlock-audit / 2023-12-dodo-gsp-judging

6 stars 5 forks source link

Avci - not every token works FINE with IERC20 standard thus the decimal value would be wrong. #171

Closed sherlock-admin closed 6 months ago

sherlock-admin commented 6 months ago

Avci

medium

not every token works FINE with IERC20 standard thus the decimal value would be wrong.

Summary

not every token works FINE with IERC20 standard

Vulnerability Detail

in the GSP.sol contract in line 78 the the code used the IERC20 meta data standard to store the decimal of the token used but the problem there are tokens like usdt which you are going to use aren't able to work perfectly fine with IERC20 standards.

Impact

the decimal storing will not work for the that kind of tokens.

Code Snippet

https://github.com/sherlock-audit/2023-12-dodo-gsp/blob/main/dodo-gassaving-pool/contracts/GasSavingPool/impl/GSP.sol#L78

decimals = IERC20Metadata(baseTokenAddress).decimals();

Tool used

Manual Review

Recommendation

consider implementing configurable mapping or a manual mechanism to allow setting the decimal value for tokens that do not conform to the standard. This way, the contract can handle weird tokens including those with non-standard implementations.

nevillehuang commented 6 months ago

Invalid, USDT will work with the IERC20Metadata standard