M-02 MitigationConfirmed #30
Labels
confirmed for report
This issue is confirmed for report
mitigation-confirmed
MR-M-02
satisfactory
satisfies C4 submission criteria; eligible for awards
Comments
|
thereksfour marked the issue as satisfactory |
c4-judge
added
the
satisfactory
|
thereksfour marked the issue as confirmed for report |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Lines of code
Vulnerability details
Lines of code
https://github.com/reserve-protocol/protocol/blob/9ee60f142f9f5c1fe8bc50eef915cf33124a534f/contracts/plugins/assets/compoundv3/CTokenV3Collateral.sol#L56
https://github.com/reserve-protocol/protocol/blob/9ee60f142f9f5c1fe8bc50eef915cf33124a534f/contracts/plugins/assets/compoundv3/CusdcV3Wrapper.sol#L46
https://github.com/reserve-protocol/protocol/blob/9ee60f142f9f5c1fe8bc50eef915cf33124a534f/contracts/plugins/assets/compoundv3/CusdcV3Wrapper.sol#L236
Vulnerability details
A discrepancy was found within the CTokenV3Collateral contract concerning
_underlyingRefPerTok(). The original implementation utilized theerc20Decimalsfrom theCusdcV3Wrappercontract (instead ofcomet.decimals()) which resulted in inaccurate conversions due to decimal misalignment with the underlying Comet token.Mitigation
PR #889
The sponsor took the mitigation steps to resolve the issue by replacing
erc20Decimalswithcomet.decimals()ensuring the correct decimal precision is utilized in_underlyingRefPerTok()with an added measure to cachecomet.decimals()for gas optimization.Conclusion
The mitigation has been successfully implemented and reviewed, addressing the initial vulnerability concerning the incorrect decimal precision in
_underlyingRefPerTok()of theCTokenV3Collateralcontract. This modification ensures that the conversion ratio between collateral and reference units is accurately computed moving forward.The text was updated successfully, but these errors were encountered: