
LOW - Polygon token-swap rounding error

Target


Bug Description

When using the https://wallet.polygon.technology/token-swap endpoint, the user specifies the source and destination ERC20 tokens for the swap. The MAX button is supposed to transfer the user's entire existing balance. However, the balance displayed (and sent to the contract) is rounded up to the 5th digit after the decimal point, so the requested amount is larger than what the user actually holds. The execution therefore reverts with “request exceeding balance”, and the user has a very bad experience with the transaction.



Impact: User experience is damaged

  • The transaction is pending for a long time (using the default gas on MetaMask, I waited 19 minutes for the transaction to be included and reverted). During this time the entire transaction queue is clogged because of the out-of-sync nonce value.

  • The user needs to increase the transaction fee to incentivize miners to include it, or manually override the nonce key.

  • The user is anxious and can be very upset when seeing the transaction revert due to insufficient balance; he may think he has been scammed in some way.

Recommendation

The balance displayed to the user should never be rounded up, because the user can try to swap the displayed amount, either with the MAX button or by typing it manually, and both will revert.

Proof of Concept

Hold some amount of an ERC20 token with swapping capabilities, with more than 5 digits after the decimal point. Browse to https://wallet.polygon.technology/token-swap, choose the ERC20 token, and select MAX or manually type the displayed balance. Execution will revert and the user will lose the transaction fees.

Example scenario: https://polygonscan.com/address/0x3f0feda412c4cd8741247f4d10411c83cc1313df (note the three reverted transactions to the Exchange proxy, followed by a swap where the amount was manually rounded down).
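The recommendation above, as an added example that is not the wallet's own code: it formats a constructed 18-decimal balance to 5 places with both rounding directions and re-parses the displayed string into base units, as a swap form would. The helper names, the sample balance and the choice of ceiling rounding for the "up" mode are assumptions; the page does not show the wallet's formatting routine.

```javascript
// Added example with constructed values; helper names are hypothetical.
// Assumes non-negative amounts and 0 < places <= decimals.
const DISPLAY_PLACES = 5;

// Exact decimal-string -> integer base units (BigInt), no floating point.
function parseUnits(text, decimals) {
  const [whole, frac = ""] = text.split(".");
  if (frac.length > decimals) throw new RangeError("too many decimal places");
  const fracUnits = BigInt(frac.padEnd(decimals, "0") || "0");
  return BigInt(whole) * 10n ** BigInt(decimals) + fracUnits;
}

// Integer base units -> string with `places` decimals.
// mode "down" truncates; mode "up" bumps the last digit if anything was dropped.
function formatUnits(amount, decimals, places, mode) {
  const cut = 10n ** BigInt(decimals - places); // base units hidden by the display
  let scaled = amount / cut;                    // BigInt division truncates
  if (mode === "up" && amount % cut !== 0n) scaled += 1n;
  const s = scaled.toString().padStart(places + 1, "0");
  return s.slice(0, -places) + "." + s.slice(-places);
}

// What the form submits when it re-parses the displayed string.
function checkSwap(balance, displayed, decimals) {
  const requested = parseUnits(displayed, decimals);
  return { requested, excess: requested - balance, ok: requested <= balance };
}

const DECIMALS = 18;
const balance = 1234567891234567891n; // constructed: 1.234567891234567891 tokens

const shownUp = formatUnits(balance, DECIMALS, DISPLAY_PLACES, "up");
const shownDown = formatUnits(balance, DECIMALS, DISPLAY_PLACES, "down");

// Rounded-up display asks for more than the balance: the transfer reverts.
console.log(shownUp, checkSwap(balance, shownUp, DECIMALS));
// Rounded-down display always stays within the balance.
console.log(shownDown, checkSwap(balance, shownDown, DECIMALS));
// MAX should bypass the display string entirely and submit `balance` itself.
```

Rounding the display down fixes manual entry; for MAX, submitting the raw integer balance also avoids leaving the hidden remainder behind.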

