# Tutorial 19: 18 Decimal Assumption {% hint style="info" %} [**Book an audit with Zokyo**](https://www.zokyo.io/) {% endhint %} {% hint style="info" %} **Incorrect Decimal Assumption in ERC20 Tokens & Mitigation Techniques:** An Essential Guide for Blockchain Auditors. This comprehensive tutorial is designed to equip blockchain auditors, developers, and newcomers with the crucial knowledge required to identify and mitigate vulnerabilities related to incorrect decimal assumptions in ERC20 token-based smart contracts. Through a series of real-world examples and effective mitigation strategies, this tutorial serves as a deep-dive resource for understanding, spotting, and resolving these often-overlooked but potentially severe security risks. {% endhint %} ERC20 tokens have been pivotal in the Ethereum network's growth, serving as the foundational assets for numerous DeFi applications and projects. These tokens operate under a set of standardized functions and properties, one of which is the 'decimals' property. The 'decimals' property determines how the token can be subdivided, with 18 decimals being a common configuration for many tokens. However, this isn't a one-size-fits-all scenario. The critical issue arises when smart contracts interact with ERC20 tokens and make a faulty assumption that all tokens have 18 decimals, which is not universally true. Tokens can have decimals ranging from 0 to 18, and smart contracts that interact with these tokens must account for this variability to function correctly. Incorrect decimal assumptions can lead to calculation errors, undervalued transactions, and other significant malfunctions, which are not merely theoretical but have manifested in real-world scenarios, as evidenced by various smart contract audits and bug bounties. In this tutorial, we'll delve deep into the vulnerabilities caused by incorrect decimal assumptions in ERC20 tokens. Drawing from real audit findings and bug bounty programs, we’ll showcase how these vulnerabilities can occur and explore their potential impacts. Furthermore, we'll take a close look at tried-and-tested mitigation techniques specifically designed to prevent incorrect decimal assumption vulnerabilities. Correct implementation of these techniques is paramount, and we’ll guide you through the process to ensure you can protect assets and preserve the integrity of smart contracts efficiently and effectively. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://zokyo-auditing-tutorials.gitbook.io/zokyo-tutorials/tutorial-19-18-decimal-assumption.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.