This repository has been archived by the owner on Sep 17, 2023. It is now read-only.
mstpr-brainbot - Misaccounting Decimals #165
Comments
github-actions
bot
added
High
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
mstpr-brainbot
high
Misaccounting Decimals
Summary
_getCollPrice returned decimals assumes always 18 decimals
Vulnerability Detail
This function always returns the collateral ratio in 18 decimals. In a case where collateral tokens decimals is not 18 this function will not work as it intended.
https://github.com/sherlock-audit/2023-03-taurus/blob/main/taurus-contracts/contracts/Vault/BaseVault.sol#L190-L196
here the math for decimals is: (collatDecimals + priceDecimals + 18) - (collatDecimals + priceDecimals) = 18, so it is fixed 18 no matter what you input because of the PRECISION.
https://github.com/sherlock-audit/2023-03-taurus/blob/main/taurus-contracts/contracts/Libs/TauMath.sol#L11-L27
Example: Imagine collateral token is 6 decimals. Every time you try to check the health factor you will receive something up to 18 decimals so this function will always return you that you are way over your health factor because of misleading decimals.
Impact
Code Snippet
Tool used
Manual Review
Recommendation
Duplicate of #35
The text was updated successfully, but these errors were encountered: