Proud Rusty Mantis
High
We have the following function:
function ethToToken(uint256 _ethAmount, address _pricefeed, uint128 _chainlink_heartbeat, uint256 _decimals) public view checkSequencerActive returns (uint256 tokenAmount) {
...
tokenAmount = FullMath.mulDiv(_ethAmount, uint256(price), 10 ** AggregatorV3Interface(_pricefeed).decimals());
...
tokenAmount = tokenAmount * 10 ** (18 - _decimals);
}The _decimals are the decimals of the token, aiming to convert tokenAmount into token decimals. This is incorrect as we should be dividing here in order to turn the 18 decimal ETH amount into token amount.
- User swaps 1e18 ETH to USDC at 3000e8 price and 8 price feed decimals
- The
tokenAmountequals$1e18 * 3000e8 / 1e8 = 3000e18$ - After the decimal conversion, we turn it into 3000e30 instead of 3000e6
Incorrect decimal conversion. As the protocol have clearly made it a priority to handle assets with a different amount of decimals, this is a serious and valid issue.
Divide instead of multiply