Potential underflow in getUnderlyingPrice due to high decimals
Description
In the CompositeOracle.getUnderlyingPrice() function, the calculation of the price includes a scaling operation that may lead to underflow errors if the underlying token has decimals higher than 18 (such as YAM-V2):
    function getUnderlyingScaledPrice(TToken tToken) internal view returns (uint256 price) {
        // [...]
        price = scalePrice(rawPrice, feedDecimals, decimals);
        price = price * 10 ** (36 - 2 * decimals);
The line price = price * 10 ** (36 - 2 * decimals); performs a multiplication based on the token's decimals. If the decimals value exceeds 18, the subtraction 36 - 2 * decimals yields a negative value, which underflows in unsigned arithmetic and causes the function to revert.
Impact
This vulnerability can lead to function reverts if tokens have more than 18 decimals. The protocol would not be able to get the correct price, and the market would not work as expected.
Recommendations
Document the lack of support for tokens with more than 18 decimals, or scale the price differently to accommodate those tokens.
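One way to scale the price differently, shown as an added example that is not Takara Lend's code: the page's expression sits beside a variant that divides when the exponent would be negative. The library, contract, function and error names are hypothetical, and the example assumes that price is already expressed with the token's decimals after scalePrice(...) and that decimals is a uint8.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Added example (hypothetical names), not code from the audited project.
// Assumption: `price` is already expressed with `decimals` decimals.
library DecimalSafeScaling {
    error UnsupportedDecimals(uint8 decimals);

    /// Same result as price * 10 ** (36 - 2 * decimals) when decimals <= 18.
    /// For 18 < decimals <= 36 the exponent is negative, so divide instead.
    function scaleTo36(uint256 price, uint8 decimals) internal pure returns (uint256) {
        // Above 36 decimals the target scale (36 - decimals) is itself negative:
        // fail with an explicit error instead of an opaque arithmetic panic.
        if (decimals > 36) revert UnsupportedDecimals(decimals);

        // Widen before multiplying so 2 * decimals cannot overflow uint8.
        uint256 twice = 2 * uint256(decimals);
        if (twice <= 36) {
            return price * 10 ** (36 - twice);
        }
        // Division truncates the low-order digits of the price.
        return price / 10 ** (twice - 36);
    }
}

contract ScalingDemo {
    /// The expression quoted in the finding. With checked arithmetic
    /// (Solidity >= 0.8) it reverts with Panic(0x11) when decimals > 18.
    function original(uint256 price, uint8 decimals) external pure returns (uint256) {
        return price * 10 ** (36 - 2 * decimals);
    }

    /// Sign-aware variant: original(p, 6) == safe(p, 6), while
    /// safe(p, 24) returns p / 1e12 where original(p, 24) reverts.
    function safe(uint256 price, uint8 decimals) external pure returns (uint256) {
        return DecimalSafeScaling.scaleTo36(price, decimals);
    }
}
```

The division branch loses precision for high-decimal tokens, so any market relying on it should confirm that the truncated price is still meaningful for its collateral calculations.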
Remediation
Takara Lend will carefully review this aspect to avoid using assets with precision higher than 18 decimals.