Solidity integer division might truncate. As a result, performing multiplication before division can sometimes avoid loss of precision.
In general, this is a problem due to precision.
In this case, it also affects the balance of the protocol, which makes me suggest high severity, as users can withdraw more than expected because minimumCollateral would get rounded down.
The amount of collateral needed in minimumCollateral would be less than expected, making the user able to withdraw more than expected in getWithdrawalLimitInternal and getWithdrawalLimit.
minimumCollateral = debt * 1000000000000000000 / oracle.viewPrice(address(collateral),collateralFactorBps) * 10000 / collateralFactorBps
<https://github.com/code-423n4/2022-10-inverse/blob/cc281e5800d5860c816138980f08b84225e430fe/src/Market.sol#L360>
<https://github.com/code-423n4/2022-10-inverse/blob/cc281e5800d5860c816138980f08b84225e430fe/src/Market.sol#L377>
Also, this would affect fees of the protocol in liquidate() as liquidationFee can be truncated, making the amount collected less than expected.
liquidationFee = repaidDebt * 1000000000000000000 / price * liquidationFeeBps / 10000
The replenisherReward and the liquidatorReward would also be less than expected, affecting rewards.
replenishmentCost = amount * dbr.replenishmentPriceBps() / 10000
replenisherReward = replenishmentCost * replenishmentIncentiveBps / 10000
liquidatorReward = repaidDebt * 1000000000000000000 / price
liquidatorReward += liquidatorReward * liquidationIncentiveBps / 10000
Reorder the operations. For more info: <https://github.com/crytic/slither/wiki/Detector-Documentation#divide-before-multiply>
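To measure the truncation in the minimumCollateral and liquidationFee expressions above, the following added example (not part of the original report or of the project's code) models Solidity's truncating uint256 division in Python and compares each expression as written with a multiply-first ordering. The function names, the 18-decimal price, the sample amounts and the revert-on-overflow behaviour are assumptions made for illustration.

```python
# Added example: Python model of Solidity uint256 math; all inputs are constructed.
WAD = 10**18               # the 1000000000000000000 factor in the report
BPS = 10_000
UINT256_MAX = 2**256 - 1

def mul(a, b):
    """Checked multiply (assumption: the compiler reverts on uint256 overflow)."""
    r = a * b
    if r > UINT256_MAX:
        raise OverflowError("uint256 overflow")
    return r

def min_collateral_as_written(debt, price, cf_bps):
    # debt * 1e18 / price * 10000 / collateralFactorBps, evaluated left to right
    return mul(mul(debt, WAD) // price, BPS) // cf_bps

def min_collateral_reordered(debt, price, cf_bps):
    # every multiplication first, one truncation at the end
    return mul(mul(debt, WAD), BPS) // mul(price, cf_bps)

def liquidation_fee_as_written(repaid, price, fee_bps):
    # repaidDebt * 1e18 / price * liquidationFeeBps / 10000, left to right
    return mul(mul(repaid, WAD) // price, fee_bps) // BPS

def liquidation_fee_reordered(repaid, price, fee_bps):
    return mul(mul(repaid, WAD), fee_bps) // mul(price, BPS)

def max_gap(as_written, reordered, amounts, price, bps):
    """Largest amount, in base units, by which the as-written form is lower."""
    return max(reordered(a, price, bps) - as_written(a, price, bps)
               for a in amounts)

if __name__ == "__main__":
    price = 7 * WAD  # constructed price, assumed to carry 18 decimals
    print(min_collateral_as_written(13, price, 8000),
          min_collateral_reordered(13, price, 8000))
    debts = range(1000 * WAD, 1000 * WAD + 5000)  # constructed debt amounts
    print(max_gap(min_collateral_as_written, min_collateral_reordered,
                  debts, price, 8000))
```

Multiplying first leaves less headroom before a checked multiplication overflows, so a reordered expression should be checked against the largest amounts the contract can hold.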