function calculateStack()
    public
    view
    returns (ProcessWithdrawalsStack memory s)
{
    .......
    IPriceOracle priceOracle = IPriceOracle(configurator.priceOracle());
    for (uint256 i = 0; i < tokens.length; i++) {
        uint256 priceX96 = priceOracle.priceX96(address(this), tokens[i]);
        s.totalValue += FullMath.mulDiv(amounts[i], priceX96, Q96);
        s.ratiosX96Value += FullMath.mulDiv(s.ratiosX96[i], priceX96, Q96);
        s.erc20Balances[i] = IERC20(tokens[i]).balanceOf(address(this));
    }
hash
High
Token decimals difference is not handled
Summary
Vulnerability Detail
Underlying tokens can have different decimals, but this is not handled in multiple places, such as token valuation and deposits.
deposits
calculating tvl
This will cause the tokens to be valued incorrectly.
E.g., if the deposit ratio is [50:50,eth:usdc], a deposit of 1e6 usdc makes the maximum depositable weth amount 1e6, while it should actually be 1e18 weth.
Impact
The token amounts will be calculated incorrectly.
Code Snippet
Tool used
Manual Review
Recommendation
Handle the decimal conversion for the underlying assets
Duplicate of #160
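One way to apply the recommendation, shown as an added example that is not code from the audited project: amounts are scaled to a common 18-decimal form before the deposit ratio is applied, then scaled back to the counterpart token's own decimals. The interface, library and function names are hypothetical, and the ratio is taken over whole-token units with prices ignored, as in the report's 50:50 example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example; IERC20Decimals and DecimalScaling are hypothetical names.
interface IERC20Decimals {
    function decimals() external view returns (uint8);
}

library DecimalScaling {
    uint8 internal constant WAD_DECIMALS = 18;

    // Raw token units -> 18-decimal units. Rounds down for tokens with > 18 decimals.
    function toWad(address token, uint256 raw) internal view returns (uint256) {
        uint8 d = IERC20Decimals(token).decimals();
        if (d == WAD_DECIMALS) return raw;
        if (d < WAD_DECIMALS) return raw * uint256(10) ** (WAD_DECIMALS - d);
        return raw / uint256(10) ** (d - WAD_DECIMALS);
    }

    // 18-decimal units -> raw token units. Rounds down for tokens with < 18 decimals.
    function fromWad(address token, uint256 wad) internal view returns (uint256) {
        uint8 d = IERC20Decimals(token).decimals();
        if (d == WAD_DECIMALS) return wad;
        if (d < WAD_DECIMALS) return wad / uint256(10) ** (WAD_DECIMALS - d);
        return wad * uint256(10) ** (d - WAD_DECIMALS);
    }

    // Maximum raw amount of tokenB that may accompany rawA of tokenA
    // under a ratioA:ratioB deposit ratio (assumption: whole-token ratio, no price).
    //
    // Unscaled form (the behaviour the report describes): rawA * ratioB / ratioA
    //   1e6 USDC (6 decimals), 50:50  ->  1e6 raw WETH units
    // Scaled form below:
    //   1e6 USDC -> 1e18 wad -> 1e18 raw WETH units (18 decimals)
    function maxCounterpart(
        address tokenA,
        uint256 rawA,
        uint256 ratioA,
        address tokenB,
        uint256 ratioB
    ) internal view returns (uint256) {
        require(ratioA != 0, "zero ratio");
        uint256 wadA = toWad(tokenA, rawA);
        uint256 wadB = (wadA * ratioB) / ratioA;
        return fromWad(tokenB, wadB);
    }
}
```

Both conversions round down, so a caller using the result as an upper bound never over-admits; a value-based ratio would additionally need the oracle price applied to the scaled amounts.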