Lose due to rounding. Use more precise library for mathematical operations

Lines of code Vulnerability details Impact The mulDivDown function, assumed to be from FixedPointMathLib, is likely designed to multiply two numbers and then divide the result, rounding down any remainders. This rounding down can result in minor discrepancies when converting between assets and...

Missing _checkAmountWithBalance check in deposit functions

Lines of code Vulnerability details Impact When computing the input or output amount of a swap checkAmountWithBalance is called to ensure that precision errors do not occur and that the pool does not lose any value. However, checkAmountWithBalance is not called in depositGivenInputAmount and...

Division before multiplication can lead to precision errors

Lines of code Vulnerability details Impact Since we are working with integer, if we divide before multiply, it can lead to precision errors. In this case, it can lead to error in quorum votes calculation in dynamicQuorumVotes function, allowing proposal be succeeded easier since quorumVote is...

BathToken with initial liquidity of 1 wei causes very expensive share price leading to precision errors and loss of funds

Lines of code Vulnerability details Impact The creator of a new BathToken is able to maliciously manipulate the share price by providing lowest possible amount 1 wei of liquidity initialLiquidityNew and then artificially blowing up the BathToken token balance. Following depositors will loose thei...

Initial StakedCitadel deposit with amount=1 wei causes very expensive share price leading to precision errors and loss of funds

Lines of code Vulnerability details Impact The first depositor into StakedCitadel is able to maliciously manipulate the share price by depositing the lowest possible amount 1 wei and then artificially blowing up the StakedCitadel Citadel token balance. Following depositors will loose their...

LiquidityPool:getAmountToTransfer() has incorrect calculation due to incorrect bracket placement

Lines of code Vulnerability details Impact In the scenario where the transfer fee exceeds the equilibrium fee, the excess gets credited to the incentive pool. The incentive pool fee added is incentivePooltokenAddress = incentivePooltokenAddress + amount transferFeePerc -...

Rebalance will fail due to low precision of percentages

Handle cmichel Vulnerability details The AssetManager.rebalance function has a check at the end to ensure that all tokens are deposited again: requiretoken.balanceOfaddressthis == 0, "AssetManager: there are remaining funds in the fund pool"; The idea is that the last market deposits all...

Skia - Incorrect Convexity Assumptions Leading to Buffer Overflows

I was looking into the root cause of https://bugs.chromium.org/p/chromium/issues/detail?id=850350. In that bug, due to precision errors, Skia generated a concave RRect, but declared it convex. Later, the RRect was transformed with an affine transform and used as a clipping region for drawing...

Skia - Incorrect Convexity Assumptions Leading to Buffer Overflows

Skia - Incorrect Convexity Assumptions Leading to Buffer Overflows I was looking into the root cause of https://bugs.chromium.org/p/chromium/issues/detail?id=850350. In that bug, due to precision errors, Skia generated a concave RRect, but declared it convex. Later, the RRect was transformed with...

Google Chrome - Swiftshader Blitting Floating-Point Precision Errors

Google Chrome - Swiftshader Blitting Floating-Point Precision Errors getInternalFormat == FORMATNULL return; ifblitReactorsource, sourceRect, dest, destRect, options return; SliceRectF sRect = sourceRect; SliceRect dRect = destRect; bool flipX = destRect.x0 destRect.x1; bool flipY = destRect.y0...

Google Chrome - Swiftshader Blitting Floating-Point Precision Errors

getInternalFormat == FORMATNULL return; ifblitReactorsource, sourceRect, dest, destRect, options return; SliceRectF sRect = sourceRect; SliceRect dRect = destRect; bool flipX = destRect.x0 destRect.x1; bool flipY = destRect.y0 destRect.y1; ifflipX swapdRect.x0, dRect.x1; swapsRect.x0, sRect.x1;...