Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
code423n4Code4renaCODE423N4:2022-12-TIGRIS-FINDINGS-ISSUES-629
HistoryDec 16, 2022 - 12:00 a.m.

Truncate of values can be avoided

2022-12-1600:00:00
Code4rena
github.com
4
solidity
integer division
precision loss
multiplication
assets
fees
payouts
positions size
JSON

Lines of code
<https://github.com/code-423n4/2022-12-tigris/blob/0cb05a462e78c4470662e9d9a4f9ab587f266bb5/contracts/Trading.sol#L780&gt;
<https://github.com/code-423n4/2022-12-tigris/blob/0cb05a462e78c4470662e9d9a4f9ab587f266bb5/contracts/utils/TradingLibrary.sol#L38-L40&gt;
<https://github.com/code-423n4/2022-12-tigris/blob/0cb05a462e78c4470662e9d9a4f9ab587f266bb5/contracts/utils/TradingLibrary.sol#L64&gt;
<https://github.com/code-423n4/2022-12-tigris/blob/0cb05a462e78c4470662e9d9a4f9ab587f266bb5/contracts/utils/TradingLibrary.sol#L38-L48&gt;

Vulnerability details

Truncate of values can be avoided

Summary

Solidity integer division might truncate. As a result, performing multiplication before division can sometimes avoid loss of precision.

Details

In general, this is a problem due to precision. In this case, it also affects assets, that makes me suggest High, as this operations are performed frecuently

Impact

Less fees, payouts, smaller prices and also size of positions may happen as result of this

Proof of Concept

Affecting fees and prices:
<https://github.com/code-423n4/2022-12-tigris/blob/0cb05a462e78c4470662e9d9a4f9ab587f266bb5/contracts/Trading.sol#L779&gt;
_daoFeesPaid = (_positionSize * _fees.daoFees / DIVISION_CONSTANT) * asset.feeMultiplier / DIVISION_CONSTANT

<https://github.com/code-423n4/2022-12-tigris/blob/0cb05a462e78c4470662e9d9a4f9ab587f266bb5/contracts/Trading.sol#L780&gt;

_burnFeesPaid = (_positionSize * _fees.burnFees / DIVISION_CONSTANT) * asset.feeMultiplier / DIVISION_CONSTANT

<https://github.com/code-423n4/2022-12-tigris/blob/0cb05a462e78c4470662e9d9a4f9ab587f266bb5/contracts/utils/TradingLibrary.sol#L38-L40&gt;

First is called
_initPositionSize = _margin * _leverage / 1e18

And then used to calculate the _payout
_payout = int256(_margin) + int256(_initPositionSize * (1e18 * _currentPrice / _price - 1e18) / 1e18) + accInterest

<https://github.com/code-423n4/2022-12-tigris/blob/0cb05a462e78c4470662e9d9a4f9ab587f266bb5/contracts/utils/TradingLibrary.sol#L64&gt;

_liqPrice = _tradePrice - ((_tradePrice * 1e18 / _leverage) * uint256(int256(_margin) + _accInterest) / _margin) * _liqPercent / 1e10

Not affecting assets directly:
<https://github.com/code-423n4/2022-12-tigris/blob/0cb05a462e78c4470662e9d9a4f9ab587f266bb5/contracts/utils/TradingLibrary.sol#L38-L48&gt;

_initPositionSize = _margin * _leverage / 1e18

That then is used in:
_positionSize = _initPositionSize * _currentPrice / _price

Tools

Slither + manual analysis

Recommended Mitigation Steps

Reorder the operations for avoiding lack of precision
For example
_daoFeesPaid = (_positionSize * _fees.daoFees / DIVISION_CONSTANT) * asset.feeMultiplier / DIVISION_CONSTANT

would be

_daoFeesPaid = (_positionSize * _fees.daoFees * asset.feeMultiplier) / (DIVISION_CONSTANT * DIVISION_CONSTANT)

The text was updated successfully, but these errors were encountered:

All reactions

JSON