This repository has been archived by the owner on Sep 17, 2023. It is now read-only.
imare - computing CR only works for collateral with 18 decimals value #192
Comments
github-actions
bot
added
High
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
imare
medium
computing CR only works for collateral with 18 decimals value
Summary
When calculating collateral ratio with
TauMath#_computeCRmethod if we use a collateral with decimals larger then 18 we can get an arithmetic overflow.Collateral ratio in the protocol is represented as an 18 decimal precision value but the calculation will be wrong if asset is not 18 decimal.
Vulnerability Detail
When calculating collateral ratio for a asset that has 30 decimals precession (for example
GLPPriceOraclereports price as 30 decimal precision value) we get an arithmetic overflow in this line:https://github.com/sherlock-audit/2023-03-taurus/blob/main/taurus-contracts/contracts/Libs/TauMath.sol#L18
Impact
The current collateral ratio calculation is limited to asset that only supports 18 decimals
Code Snippet
https://github.com/sherlock-audit/2023-03-taurus/blob/main/taurus-contracts/contracts/Libs/TauMath.sol#L18
Tool used
Manual Review
Recommendation
When calculating the collateral ratio is recommend to scale up/down the collateral value and collateral price to 18 decimals before the calculation.
Duplicate of #35
The text was updated successfully, but these errors were encountered: