Incorrect Error Handling #70
Labels
3 (High Risk): Assets can be stolen/lost/compromised directly
bug: Something isn't working
duplicate-17
🤖_09_group: AI based duplicate group recommendation
satisfactory: satisfies C4 submission criteria; eligible for awards
sufficient quality report: This report is of sufficient quality
upgraded by judge: Original issue severity upgraded from QA/Gas by judge
Lines of code
https://github.com/code-423n4/2024-07-basin/blob/7d5aacbb144d0ba0bc358dfde6e0cc913d25310e/src/functions/Stable2.sol#L314
https://github.com/code-423n4/2024-07-basin/blob/7d5aacbb144d0ba0bc358dfde6e0cc913d25310e/src/functions/Stable2.sol#L315
Vulnerability details
InvalidTokenDecimals Error:
In decodeWellData, the code checks decimal0 == 0 twice.
The second check should be for decimal1, not decimal0.
    if (decimal1 == 0) {
        decimal1 = 18;
    }
Explanation:
The second if condition incorrectly checks decimal0 instead of decimal1. This means if decimal0 is 0, it will set both decimal0 and decimal1 to 18, even if decimal1 should be checked.
Example Exploitation:
If decimal0 is 0 but decimal1 is not set correctly, it could cause incorrect scaling of reserves. This misconfiguration could lead to erroneous calculations, impacting pricing or liquidity management.
Impacts:
Incorrect token decimal handling might result in unexpected contract behavior.
Financial calculations and interactions might be misrepresented, leading to incorrect balances or transactions.
Mitigations:
Correct the condition to check decimal1 in the second if statement like this:
    if (decimal1 == 0) {
        decimal1 = 18;
    }
Assessed type
Other
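The repeated condition and the corrected one side by side, as an added Solidity illustration that is not code from the Basin repository or from the report. The contract and function names are hypothetical, and the body of the first branch (`decimal0 = 18`) is an assumption, since the report quotes only the corrected second branch; the constructed inputs in `check` use a nonzero `decimal0`, so the outcome does not depend on that assumption.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration; names are hypothetical, not the project's own.
contract DecimalDefaultsExample {
    // Pattern described in the report: the decimal0 condition appears twice,
    // so decimal1 is never tested against zero.
    function decodeAsReported(bytes memory data)
        public pure returns (uint256 decimal0, uint256 decimal1)
    {
        (decimal0, decimal1) = abi.decode(data, (uint256, uint256));
        if (decimal0 == 0) {
            decimal0 = 18; // assumed body of the first branch
        }
        if (decimal0 == 0) { // repeated condition from the report
            decimal1 = 18;
        }
    }

    // Mitigation from the report: the second condition tests decimal1.
    function decodeFixed(bytes memory data)
        public pure returns (uint256 decimal0, uint256 decimal1)
    {
        (decimal0, decimal1) = abi.decode(data, (uint256, uint256));
        if (decimal0 == 0) {
            decimal0 = 18; // assumed body of the first branch
        }
        if (decimal1 == 0) {
            decimal1 = 18;
        }
    }

    // Self-check over constructed well data: 6 decimals for the first token,
    // unset (0) for the second.
    function check() external pure returns (bool) {
        bytes memory data = abi.encode(uint256(6), uint256(0));

        (uint256 r0, uint256 r1) = decodeAsReported(data);
        // decimal0 is nonzero, so neither branch runs and decimal1 keeps 0.
        require(r0 == 6 && r1 == 0, "reported pattern should leave decimal1 unset");

        (uint256 f0, uint256 f1) = decodeFixed(data);
        // The corrected condition applies the default of 18 to decimal1.
        require(f0 == 6 && f1 == 18, "fixed pattern should default decimal1");
        return true;
    }
}
```

A unit test that feeds the decoder a zero second decimal alongside a nonzero first decimal catches this class of copy-paste condition before deployment.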