GHSA-WQ9X-QWCQ-MMGF Diesel vulnerable to Binary Protocol Misinterpretation caused by Truncating or Overflowing Casts

The following presentation at this year's DEF CON was brought to our attention on the Diesel Gitter Channel: SQL Injection isn't Dead: Smuggling Queries at the Protocol Level Archive link for posterity. Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to...

Diesel vulnerable to Binary Protocol Misinterpretation caused by Truncating or Overflowing Casts

The following presentation at this year's DEF CON was brought to our attention on the Diesel Gitter Channel: SQL Injection isn't Dead: Smuggling Queries at the Protocol Level Archive link for posterity. Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to...

Loss of precission when calculating the accumulated CANTO per share

Lines of code Vulnerability details Impact When calculating the amount of CANTO per share in updatemarket, dividing by 1e18 in cantoReward and multiplying by the same value in accCantoPerShare rounds down the final value, making the amount of rewards users will receive be less than expected. Proo...

Some buyers wont get expected tokens minted due to precision loss

Lines of code Vulnerability details Impact The ERC20TokenEmitter.buyToken mints tokens according to the configured bps per address. This is due to the below code's implementation in buyToken function. for uint256 i = 0; i 0 // transfer tokens to address mintaddressesi, uint256totalTokensForBuyers...

Handling Potential Slippage Due to Truncation

Lines of code Vulnerability details Impact The potential slippage issue arises from the precision loss during decimal conversion in the primitiveOutputAmount function. When interacting with the Curve Tricrypto Pool, especially involving tokens with different decimal precisions, truncation can lea...

Precision loss in getRSETHPrice

Lines of code Vulnerability details Impact Precision loss and return zero price by Oracle Proof of Concept Since the value of staked ether increases, the price of RSETH goes above ETH price and leads to a precision loss in the getRSETHPrice function of the oracle, and RSETH price becomes zero...

Precision loss in getRsETHAmountToMint

Lines of code Vulnerability details Impact users may lose their assets Proof of Concept The price of rsETH increases against ETH price, this leads to precision loss in getRsETHAmountToMint. Consider a scenario that one rsETH worth 10 ETH; now if a user tries to deposit 9 ETH he losses assets due ...

accure interest function is likely failed to accure interest for token with low decimal

Lines of code Vulnerability details Impact loss of precision is too high when accuring interest Proof of Concept When intereste accures, we are calling uint256 interestAmount; uint256 interestRate = IIRMirm.getInterestRateaddressthis, trancheIndex, totalDeposit, totalBorrow; interestAmount =...

Liquidity providers may recieve wrong rewards due to loss of precision in the calculation of currWeek and nextWeek.

Lines of code Vulnerability details Throughout LiquidityMining.sol the values for currWeek and nextWeek are generated using the lastAccrued timestamp embedded in a local variable time. currWeek is determined by uint32 currWeek = uint32time / WEEK WEEK; And nextWeek is calculated by uint32 nextWee...

Loss of interests due to loss of precision

Lines of code Vulnerability details Impact Users can lose accrued interest due to loss of precision during calculation. It is possible that the interestsvTokenuser.rewardIndex is changed and the interestsvTokenuser.accrued is never increased. Proof of Concept The interestsvTokenuser.rewardIndex a...

Precision Error in getPrice due to Omission of Last Day's Interest

Lines of code Vulnerability details The code attempts to calculate the price based on the interest from the previous day by using range.end - 1. However, if the last day represented by range.end has fully passed, the interest for this day is never taken into account. Over time, these slight...

_getUtility function may be vulnerable to precision loss

Lines of code Vulnerability details Impact When calculating r0 and r1 in the getUtility function precision loss may occur due to the use of the standard devision operator / instead of the devision functions of ABDKMath64x64. As the other values in the equation make use of the library's methods if...

Potential Precision Loss in claimFee() due to Division Before Multiplication

Lines of code Vulnerability details Impact The function claimFee may result in precision loss when calculating the addedValue variable. This issue arises due to division being performed before multiplication, leading to the possibility of truncated values and incorrect results. Proof of Concept T...

Divide before multiply

Lines of code Vulnerability details Impact Solidity's integer division truncates. Thus, performing division before multiplication can lead to precision loss. Proof of Concept Tools Used Recommended Mitigation Steps Consider ordering multiplication before division. Assessed type Math --- The text...

Division before Multiplication could incur unnecessary precision loss

Lines of code Vulnerability details Impact Division before multiplication could incur unnecessary precision loss causing loss of funds. Proof of Concept In the dynamicQuorumVotes function of NounsDAOV3DynamicQuorum.sol contract the value of againstVotesBPS is first calculated by dividing a value ...

Division before multiplication truncate minOut and incurs heavy precision loss and result in insufficient slippage protection

Lines of code Vulnerability details Impact When Calcuting the minOut before doing trade, Division before multiplication truncate minOut and incurs heavy precision loss, then very sub-optimal amount of the trade output can result in loss of fund from user because of the insufficient slippage...

Upgraded Q -> 2 from #29 [1679672352018]

Judge has assessed an item in Issue 29 as 2 risk. The relevant finding follows: M-02 Division before multiplication incurs unnecessary precision loss 29 --- The text was updated successfully, but these errors were encountered: All reactions...

Division before multiply results in precision loss

Lines of code Vulnerability details Impact Precision loss occurs when division is carried out before multiplication, that can affect gas calculation in terms of publishing the data to L1. Proof of Concept Tools Used Manual Review Recommended Mitigation Steps Recommendation is made for avoiding...

Malicious users can claim BYTES rewards after withdrawing all of their LP stake

Lines of code Vulnerability details Impact Users are able to continue claiming BYTES rewards indefinitely on their initials points after withdrawing all of their LP stake. Proof of Concept A user can withdraw all of their LP staked tokens in multiple steps with an amount 1e16. If the amount is...

Attacker can abuse rounding down to get reward without depositing anything in LP pool

Lines of code Vulnerability details Impact In function withdrawLP, it calculates the amount of points from the amount input parameter. unchecked uint256 points = amount 100 / 1e18 lpPosition.multiplier / DIVISOR; // Update the caller's LP token stake. lpPosition.amount -= amount; lpPosition.point...