Assessment reports>Palmy Finance>Medium findings>The sources of decimal information are inconsistent
Category: Coding Mistakes

The sources of decimal information are inconsistent

Medium Severity
Low Impact
Low Likelihood

Description

The information about the number of decimals is required to use the price obtained from the oracle. Several contracts, such as the lending pool and Leverager contract, rely on this information to function correctly.

The Leverager contract obtains the number of decimals from the return value of the asset's decimals() function. However, this number is not necessarily the same as the number of decimals stored in the lending pool, because the lending pool uses the number of decimals provided when the asset was initialized on it.

If these two numbers are different, the close() function in the Leverager contract will behave in unexpected ways, such as reverting or closing a position incompletely.

Impact

The prices of lent and deposited assets are calculated using the number of decimals. If this information is incorrect, the close() function can revert or close a position incompletely.

Although a user can manually close the position of the relevant asset by interacting with the lending pool contract repeatedly, this process requires more time and exposes the user to the risk of being liquidated before they close the position.

Recommendations

Consider fetching the number of decimals from the lending pool.
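
The following is an added illustration, not code from the Palmy Finance contracts or from the report. It is a simplified integer model of a close operation showing how the two decimals sources diverge into a revert or an incomplete close, and how reading the pool's value avoids both. The `Reserve` type, the `close` logic, the 8-decimal price scale, and all asset values are assumptions constructed for the example.

```python
from dataclasses import dataclass

PRICE_UNIT = 10**8  # assumed oracle price scale (constructed for this example)

class Revert(Exception):
    """Stands in for an on-chain revert."""

@dataclass(frozen=True)
class Reserve:
    symbol: str
    token_decimals: int  # what the asset's decimals() returns
    pool_decimals: int   # what was provided when the asset was initialized on the pool
    price: int           # oracle price of one whole token, scaled by PRICE_UNIT

def value_of(amount: int, price: int, decimals: int) -> int:
    """Base-currency value of `amount` raw units."""
    return amount * price // 10**decimals

def amount_for(value: int, price: int, decimals: int) -> int:
    """Raw units worth `value`, rounded up."""
    return -(-value * 10**decimals // price)

def close(coll: Reserve, debt: Reserve, coll_balance: int, debt_balance: int, source: str) -> int:
    """Hypothetical close(): returns the debt left after one call, or raises Revert."""
    def dec(r): return r.pool_decimals if source == "pool" else r.token_decimals
    # Helper side: size the collateral withdrawal from the chosen decimals source.
    withdraw = amount_for(value_of(debt_balance, debt.price, dec(debt)), coll.price, dec(coll))
    if withdraw > coll_balance:
        raise Revert("withdrawal exceeds deposited collateral")
    # Pool side: always accounts with the decimals stored at initialization.
    repaid_value = value_of(withdraw, coll.price, coll.pool_decimals)
    repaid = min(debt_balance, amount_for(repaid_value, debt.price, debt.pool_decimals))
    return debt_balance - repaid

def outcome(coll, debt, coll_balance, debt_balance, source) -> str:
    try:
        left = close(coll, debt, coll_balance, debt_balance, source)
    except Revert:
        return "revert"
    return "closed" if left == 0 else "incomplete"

# Constructed reserves: the collateral is consistent, the debt assets are not.
WETH = Reserve("WETH", 18, 18, 2000 * PRICE_UNIT)
LOW = Reserve("LOW", 6, 8, 1 * PRICE_UNIT)     # decimals() below the pool's value
HIGH = Reserve("HIGH", 18, 8, 1 * PRICE_UNIT)  # decimals() above the pool's value
COLL, DEBT = 10**18, 1000 * 10**8              # 1 WETH deposited, 1000 tokens owed (pool units)

if __name__ == "__main__":
    for debt in (LOW, HIGH):
        for source in ("token", "pool"):
            print(debt.symbol, source, outcome(WETH, debt, COLL, DEBT, source))
```

In this model, a decimals() value below the pool's overstates the debt and the withdrawal exceeds the deposit, while a value above the pool's understates it and almost all of the debt remains.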

Remediation

This issue has been acknowledged by Familia Labs Ltd., and a fix was implemented in commit 2ad2372c.

Zellic © 2025