Division before multiplication result in wrong price / unexpected behaviour
Summary
Multiplication is performed on the result of a division, which can lead to precision errors due to the truncation of decimal points in Solidity.
Vulnerability Details
contracts/libraries/LibOracle.sol#85:
In LibOracle.baseOracleCircuitBreaker(uint256,uint80,int256,uint256,uint256) - line 85
performs a multiplication on the result of a division.
contracts/libraries/LibOrders.sol#39-57:
In LibOrders.increaseSharesOnMatch(address,STypes.Order,MTypes.Match,uint88) - line 51
also performs a multiplication on the result of a division.
Impact
These vulnerabilities can lead to incorrect calculations due to the loss of precision, which can have significant implications in a financial context (for example in the case of wrong "twapPriceInEther" calculation). The impact can range from minor discrepancies in value calculations to major financial losses, depending on the specific use case and the values involved.
Tools Used
Slither
Recommendations
To mitigate these vulnerabilities, consider rearranging the operations to perform multiplication before division. This can help to maintain precision and avoid potential rounding errors.
For example, can be used:
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.