This repository has been archived by the owner on May 26, 2023. It is now read-only.
Users can mint free Illuminate PTs if underlying decimals don't match external PTs
Summary
Users can mint free Illuminate PTs if underlying decimals don't match external PTs
Vulnerability Detail
The Illuminate PTs always match the decimals of the underlying, but when external PTs are used for minting Illuminate PTs, the amount minted is not adjusted for the differences in decimals.
Impact
Users can inflate away the value of Illuminate PTs by minting using external PTs with different decimals than the underlying
Code Snippet
There are no conversions based on decimals - one input external PT results in one Illuminate PT:
```solidity
// File: src/Lender.sol : Lender.mint() #1
function mint(
    uint8 p,
    address u,
    uint256 m,
    uint256 a
) external unpaused(u, m, p) returns (bool) {
    // Fetch the desired principal token
    address principal = IMarketPlace(marketPlace).token(u, m, p);

    // Transfer the users principal tokens to the lender contract
    Safe.transferFrom(IERC20(principal), msg.sender, address(this), a);

    // Mint the tokens received from the user
    IERC5095(principalToken(u, m)).authMint(msg.sender, a);

    emit Mint(p, u, m, a);

    return true;
}
```
For example, Swivel tokens are all locked at 18 decimals, Pendle uses the decimals of the yield token (e.g. cDai) rather than the decimals of the underlying, and [Notional](https://github.com/notional-finance/wrapped-fcash/blob/ad5c145d9988eeee6e36cf93cc3412449e4e7eba/contracts/wfCashBase.sol#L103) locks the decimals to 8.
Tool used
Manual Review
Recommendation
Convert the decimals of the PT to those of the underlying, and adjust the number of Illuminate PTs minted based on that conversion
IllIllI
high
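The conversion the Recommendation describes, sketched in Solidity as an added example; it is not part of the original issue and not Illuminate's actual fix. `IDecimals`, `DecimalScale`, `MintAmountExample` and `mintAmount` are hypothetical names, and the compiler version and the choice to reject deposits that scale to zero are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0; // assumed version; checked arithmetic reverts on overflow

// Added example with hypothetical names, not code from the Illuminate repository.
interface IDecimals {
    function decimals() external view returns (uint8);
}

library DecimalScale {
    /// @notice Re-express `amount` of a token with `from` decimals in the
    ///         smallest units of a token with `to` decimals.
    /// @dev Scaling down truncates toward zero, so the result never
    ///      represents more value than the input amount.
    function scale(uint256 amount, uint8 from, uint8 to) internal pure returns (uint256) {
        if (from == to) return amount;
        if (from > to) {
            // e.g. an 18-decimal PT against a 6-decimal underlying:
            // 1e18 units in -> 1e6 units out
            return amount / (uint256(10) ** (from - to));
        }
        // e.g. an 8-decimal PT against an 18-decimal underlying:
        // 1e8 units in -> 1e18 units out
        return amount * (uint256(10) ** (to - from));
    }
}

contract MintAmountExample {
    /// @notice Amount of Illuminate PT to mint for `a` units of external PT.
    /// @param principal    external PT being deposited (any decimals)
    /// @param illuminatePt Illuminate PT, whose decimals match the underlying
    /// @param a            deposited amount, in the external PT's units
    function mintAmount(address principal, address illuminatePt, uint256 a)
        public
        view
        returns (uint256 minted)
    {
        minted = DecimalScale.scale(
            a,
            IDecimals(principal).decimals(),
            IDecimals(illuminatePt).decimals()
        );
        // Assumption: reject dust that truncates to zero instead of taking
        // the deposit and minting nothing.
        require(minted > 0, "amount too small");
    }
}
```

In `Lender.mint()` the scaled value would replace `a` only in the `authMint` call; the `transferFrom` still moves the full `a` units of the external PT.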