Mixed-decimals math without explicit scaling

A code & audits factor in the v1.7.0 rubric. Measured per protocol on a s cadence.

Methodology how we score #

**What this measures** This factor detects whether the protocol performs arithmetic operations over token amounts with different decimal precisions -- for example, combining a 6-decimal USDC amount with an 18-decimal ETH amount in the same numerator or denominator -- without explicit WAD/RAY normalization or equivalent decimal-aware scaling. The assessment is performed by static analysis and source inspection, looking for arithmetic expressions that mix token amounts without consistent decimal normalization.

**Why it matters** Mixed-decimals arithmetic produces values that differ by factors of 10^12 or more depending on which token is in the numerator. A protocol that divides an 18-decimal amount by a 6-decimal amount without scaling will produce a result 10^12 times larger than intended, or 10^12 times smaller. This class of error has caused approximately five documented hacks in the T-01 evidence base. Lending protocols that support multiple collateral types with different decimal precisions are the primary risk surface -- a single price or collateral calculation that mixes decimals can make an asset appear massively over- or under-valued.

**Green / Yellow / Red** Green: all arithmetic operations involving token amounts explicitly normalize to a common precision (18 decimals / WAD / RAY or equivalent) before combining values across different token types. Yellow: normalization is applied in primary fund-movement functions but some peripheral calculations (e.g., display math, off-chain computation helpers) mix decimals without scaling. Red: any core collateral, exchange rate, or liquidation calculation mixes token amounts of different decimal precisions without explicit normalization.

**Common gray cases** This factor is gray for single-asset protocols where all token amounts share the same decimal precision and mixed-decimals arithmetic is structurally impossible.

Measurement what to look for #

Determine whether shared numerator/denominator arithmetic operates over tokens with different decimals without WAD/RAY normalization or explicit decimal-adjustment.

Data & output #

Data source

Slither + manual source review; search for multi-token arithmetic paths in Etherscan-verified source

Output format

Green / Yellow / Red

Evidence artifact

Source excerpt with annotated arithmetic path + curator sign-off

Confidence signal

green = all cross-decimal arithmetic uses explicit normalization; yellow = potential issue in low-TVL market only; red = confirmed un-normalized cross-decimal arithmetic in live market; gray = source unverified

Scored protocols 80 carry this factor #

Protocol RD-F-017

Aave v3 ethereum green Across Protocol ethereum yellow Aerodrome Finance base green Axelar Network ethereum yellow Babylon Protocol bitcoin green Balancer (v2 + v3) ethereum yellow Beefy Finance ethereum yellow BENQI avalanche green BlackRock USD Institutional Digital Liquidity Fund (BUIDL) ethereum gray Cap (cUSD / stcUSD) ethereum green Centrifuge ethereum yellow Chainlink CCIP ethereum gray Circle USYC binance gray Compound V3 (Comet) ethereum green Concrete ethereum gray Convex Finance ethereum gray crvUSD (Curve Stablecoin) ethereum gray Curve Finance ethereum green deBridge ethereum green Dolomite ethereum green dYdX v4 (dYdX Chain) dydx gray EigenLayer ethereum green Ethena ethereum green ether.fi ethereum green Euler V2 ethereum green Falcon Finance ethereum gray Fluid ethereum green Frax Finance ethereum gray GMX v2 (GMX Synthetics) arbitrum green Hyperlane ethereum yellow Hyperliquid arbitrum green Jito solana green Jupiter solana gray Jupiter Perpetual Exchange solana gray JustLend DAO tron not_applicable Kamino Lend solana green Kinetiq hyperliquid yellow Lido ethereum green Liquid Collective (LsETH) ethereum green Liquity V1 + V2 (LUSD / BOLD) ethereum green Lista DAO bsc yellow Lombard Finance ethereum gray M^0 ethereum green Maple Finance ethereum yellow Marinade Finance solana gray Meteora solana gray mETH Protocol ethereum gray Midas ethereum yellow Morpho V1 (Morpho Blue + MetaMorpho) ethereum green Multipli ethereum green Ondo Finance ethereum yellow OpenEden ethereum gray Orca solana green PancakeSwap bsc green Pendle Finance ethereum green Polymarket polygon green QuickSwap polygon green Raydium solana green Rocket Pool ethereum green Sanctum solana green Save (formerly Solend) solana yellow Sky Lending (formerly MakerDAO) ethereum green Spark Protocol ethereum green Spiko stellar green Stake DAO ethereum gray StakeWise v3 ethereum green Stargate Finance ethereum green stHYPE (Valantis Labs) hyperliquid gray SUNSwap (sun.io) tron gray Superstate ethereum gray Sushi (SushiSwap) — v2 + v3 + Trident + BentoBox/Kashi + SushiXSwap ethereum gray Symbiotic ethereum gray Synapse Protocol ethereum not_assessed Uniswap (v2 + v3) ethereum green USDD (Decentralized USD) tron green Usual (USD0 / bUSD0 / USUAL) ethereum gray Veda (BoringVault) ethereum green Venus Protocol bsc green Wormhole ethereum green Yearn Finance ethereum green

Linked hacks no historical incidents linked #

No historical incidents are linked to this factor.

rubric_version v1.7.0 factor RD-F-017 category 1 carried 80 critical no