pkqs90 - AMO contracts does not work with high decimal stablecoins.

[sherlock-admin3]

pkqs90

Medium

AMO contracts does not work with high decimal stablecoins.

Summary

AMO contracts does not work with high decimal stablecoins, specifically, tokens with decimals larger than 18.

Root Cause

In the contest readme, it is noted all stablecoins (except FoT) is supported:

Q: If you are integrating tokens, are you allowing only whitelisted tokens to work with the codebase or any complying with the standard? Are they assumed to have certain properties, e.g. be non-reentrant? Are there any types of weird tokens you want to integrate?

Yes, the AMO are deployed by the team, with a specific stablecoin as a pair! In the the scope of this audit would be any USD-pegged token, beside fee-on-transfer ones.

In MasterAMO, both toBoostAmount() and toUsdAmount() function would underflow for such token. These two functions are used within SolidlyV2AMO and SolidlyV3AMO, thus the entire contract won't work.

    function toBoostAmount(uint256 usdAmount) internal view returns (uint256) {
        return usdAmount * 10 ** (boostDecimals - usdDecimals);
    }

    function toUsdAmount(uint256 boostAmount) internal view returns (uint256) {
        return boostAmount / 10 ** (boostDecimals - usdDecimals);
    }

• https://github.com/sherlock-audit/2024-10-axion/blob/main/liquidity-amo/contracts/MasterAMO.sol#L332-L338

Internal pre-conditions

N/A

External pre-conditions

N/A

Attack Path

N/A

Impact

AMO contracts does not work with high decimal stablecoins.

PoC

N/A

Mitigation

Handle the case toBoostAmount() and toUsdAmount where usdDecimals > 18.