Lines of code

Vulnerability details

Impact

Breaks the core functionality of the Liquidation Pair contract.

Usage of wrong formula for calculation of Continuous Gradual Dutch Auction results in wrong calculation of purchase price which is basically used to find the swapAmountIn during liquidations .

Proof of Concept

Statements from PoolTogether Code4rena docs:

The LiquidationPair prices yield liquidations using a periodic Continuous Gradual Dutch Auction. It’s periodic in the sense that the auction runs in periods that will be aligned with the prize pool periods. At the beginning of each period, the CGDA adjusts the emissions rate and target price so that it adapts to changing market conditions.

PoolTogether implementation of Continuous Gradual Dutch Auction uses formula:

(k/(r))*(e**((lambda)*q)/r)-1)/(e**((lambda)*T)) 

at:
<https://github.com/GenerationSoftware/pt-v5-cgda-liquidator/blob/7f95bcacd4a566c2becb98d55c1886cadbaa8897/src/libraries/ContinuousGDA.sol#L39&gt;

The original formula of Continuous Gradual Dutch Auction:

(k/(lambda))*(e**((lambda)*q)/r)-1)/(e**((lambda)*T)) 

First Term is k/(lambda) not (k/®.

Reference :

Official Paradigm Article on CGDA’s which shows the correct formula

Official Github Link of Correct Implementaion of CGDA’s by Paradigm

Tools Used

Manual Review

Recommended Mitigation Steps

Reimplement the first term of Formula as k/(lambda) that is k.div(_decayConstant).

Assessed type

Error

---

The text was updated successfully, but these errors were encountered:

All reactions