#36065 [SC-Insight] `Market.update_market_configuration` should reuse old configuration's `base_token.decimals`

Submitted on Oct 17th 2024 at 16:05:55 UTC by @jasonxiale for IOP | Swaylend

Description

Brief/Intro

In `Market.update_market_configuration`, while updating the `MarketConfiguration`, the original `configuration.base_token` can't be changed (main.sw#L980), so `MarketConfiguration.base_token_decimals` shouldn't be changed either.

Vulnerability Details

```Rust
971 // # 11. Changing market configuration
972 #[storage(write)]
973 fn update_market_configuration(configuration: MarketConfiguration) {
974     // Only owner can update the market configuration
975     only_owner();
976
977     let mut configuration = configuration;
978
979     // Cannot change base token and tracking index scale
980     configuration.base_token = storage.market_configuration.read().base_token; <<<--- `MarketConfiguration.base_token_decimals` should be reused here too
981     configuration.base_tracking_index_scale = storage.market_configuration.read().base_tracking_index_scale;
982
983     // Update the market configuration
984     storage.market_configuration.write(configuration);
985
986     // Emit market configuration event
987     log(MarketConfigurationEvent {
988         market_config: configuration,
989     });
990 }
```
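The update logic above next to a hardened form, as an added example in plain Rust that models the Sway function; it is not Swaylend's code and not part of the original report. The field types, the `supply_kink` field, the `Market` wrapper and the sample values are assumptions made for illustration, and the owner check and event logging are omitted.

```rust
// Simplified Rust model of the contract logic (added example; types are assumptions).
#[derive(Clone, Copy, Debug, PartialEq)]
pub struct MarketConfiguration {
    pub base_token: [u8; 32],           // asset id, modelled as raw bytes
    pub base_token_decimals: u32,       // must always describe base_token
    pub base_tracking_index_scale: u64,
    pub supply_kink: u64,               // hypothetical owner-tunable field
}

pub struct Market { pub market_configuration: MarketConfiguration }

impl Market {
    /// Behaviour shown in the report: decimals are taken from the caller's input.
    pub fn update_as_reported(&mut self, configuration: MarketConfiguration) {
        let old = self.market_configuration;
        let mut configuration = configuration;
        configuration.base_token = old.base_token;
        configuration.base_tracking_index_scale = old.base_tracking_index_scale;
        self.market_configuration = configuration;
    }

    /// Hardened: every field tied to the base token is carried over from storage.
    pub fn update_hardened(&mut self, configuration: MarketConfiguration) {
        let old = self.market_configuration;
        let mut configuration = configuration;
        configuration.base_token = old.base_token;
        configuration.base_token_decimals = old.base_token_decimals;
        configuration.base_tracking_index_scale = old.base_tracking_index_scale;
        self.market_configuration = configuration;
    }
}

/// Constructed sample: the configuration already in storage.
pub fn sample_initial() -> MarketConfiguration {
    MarketConfiguration { base_token: [0xAA; 32], base_token_decimals: 6, base_tracking_index_scale: 1_000_000, supply_kink: 800 }
}

/// Constructed sample: an owner update that also carries different token fields.
pub fn sample_update() -> MarketConfiguration {
    MarketConfiguration { base_token: [0xBB; 32], base_token_decimals: 9, base_tracking_index_scale: 1, supply_kink: 900 }
}

fn main() {
    let mut reported = Market { market_configuration: sample_initial() };
    let mut hardened = Market { market_configuration: sample_initial() };
    reported.update_as_reported(sample_update());
    hardened.update_hardened(sample_update());
    println!("reported decimals: {}", reported.market_configuration.base_token_decimals);
    println!("hardened decimals: {}", hardened.market_configuration.base_token_decimals);
}
```

In the reported form the stored `base_token` stays the same while `base_token_decimals` follows the input, so the two fields can disagree after an update.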

Impact Details

To avoid the mistake

References

Add any relevant links to documentation or code

Link to Proof of Concept

https://gist.github.com/crazy4linux/382b80b244a219346a827755a3ea594e

Proof of Concept
