The constructor assume 18 decimals for underlying token incorrectly due to low-level static call fails #58
Labels
bug
Something isn't working
downgraded by judge
Judge downgraded the risk level of this issue
duplicate-172
grade-c
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
🤖_25_group
AI based duplicate group recommendation
sufficient quality report
This report is of sufficient quality
unsatisfactory
does not satisfy C4 submission criteria; not eligible for awards
Lines of code
https://github.com/code-423n4/2024-03-pooltogether/blob/480d58b9e8611c13587f28811864aea138a0021a/pt-v5-vault/src/PrizeVault.sol#L304-L305
https://github.com/code-423n4/2024-03-pooltogether/blob/480d58b9e8611c13587f28811864aea138a0021a/pt-v5-vault/src/PrizeVault.sol#L772-L783
Vulnerability details
Impact
PrizeVault::_underlyingDecimals
sets to 18 decimals incorrectly when low-level static call in functionPrizeVault::_tryGetAssetDecimals()
fails due to reasons like insufficient gas / target contract deployment failure, etc.Proof of Concept
When
(bool success, bytes memory encodedDecimals) = address(asset_).staticcall( abi.encodeWithSelector(IERC20Metadata.decimals.selector) );
fails due to reasons mentioned above, return (false, 0);In constructor call :
PrizeVault::_underlyingDecimals
sets to 18 decimals while other token does not have 18 decimals.Tools Used
Manual Review
Recommended Mitigation Steps
PrizeVault::_tryGetAssetDecimals()
_underlyingDecimals = asset_.decimals()
in constructor;Assessed type
Decimal
The text was updated successfully, but these errors were encountered: