DittoETH

Ditto
DeFi, Foundry, Oracle
55,000 USDC
Submission Details
Severity: low
Valid

Protocol's calculation fails for `twapPrice < 1e6`

Summary

Protocol's calculation fails for twapPrice < 1e6

Vulnerability Details

As per developer comments:

File: contracts/libraries/LibOracle.sol
80 //@dev if there is issue with chainlink, get twap price. Compare twap and chainlink

However, the protocol cannot fall back on the TWAP and will always incorrectly revert when `twapPrice < 1e6`, because division is performed before multiplication, causing precision loss.

If the `twapPrice` returned by the following line of code (L82) ever goes below 1e6,

```solidity
uint256 twapPrice = IDiamond(payable(address(this))).estimateWETHInUSDC(
    Constants.UNISWAP_WETH_BASE_AMT, 30 minutes
);
```

then, in the next line, `twapPriceInEther` is incorrectly calculated as zero:

```solidity
uint256 twapPriceInEther = (twapPrice / Constants.DECIMAL_USDC) * 1 ether;
```

Multiplication should have been performed first, followed by division.

Example:
Assume the returned `twapPrice` is 1e6 - 1 = 999999. Ideally, `twapPriceInEther` should be calculated as:

CORRECT FORMULA:

```
twapPriceInEther = (999999 * 1 ether) / Constants.DECIMAL_USDC
                 = (999999 * 1e18) / 1e6
                 = 999999000000000000000000 / 1e6
                 = 999999000000000000
```

However, the protocol incorrectly calculates it as:

INCORRECT FORMULA:

```
twapPriceInEther = (999999 / 1e6) * 1e18
                 = 0 * 1e18
                 = 0
```
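
The order-of-operations error above, as an added Foundry test (not code from this report or from DittoETH). It goes beyond the single 999999 case to show that the divide-first form also truncates values above 1e6, and that the multiply-first form is exact whenever the product fits in `uint256`. Assumptions: forge-std is installed and `Constants.DECIMAL_USDC` is 1e6, as in the report's arithmetic; `TwapScaling`, `divFirst` and `mulFirst` are hypothetical names.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

import {Test} from "forge-std/Test.sol";

// Assumed value of Constants.DECIMAL_USDC, taken from the report's arithmetic.
uint256 constant DECIMAL_USDC = 1e6;

// Added example: stand-alone model of the two conversions, not DittoETH code.
// The library and function names are hypothetical.
library TwapScaling {
    // Order of operations the report flags: the quotient truncates first.
    function divFirst(uint256 twapPrice) internal pure returns (uint256) {
        return (twapPrice / DECIMAL_USDC) * 1 ether;
    }

    // Order of operations the report recommends.
    function mulFirst(uint256 twapPrice) internal pure returns (uint256) {
        return (twapPrice * 1 ether) / DECIMAL_USDC;
    }
}

contract TwapScalingTest is Test {
    // The report's worked example: twapPrice = 1e6 - 1.
    function test_reportExample() public {
        assertEq(TwapScaling.divFirst(999999), 0);
        assertEq(TwapScaling.mulFirst(999999), 999999000000000000);
    }

    // Generalisation: the truncation is not limited to inputs below 1e6.
    function test_truncationAboveDecimalUsdc() public {
        assertEq(TwapScaling.divFirst(1_500_000), 1 ether);
        assertEq(TwapScaling.mulFirst(1_500_000), 1.5 ether);
    }

    // For any input whose product fits in uint256, mulFirst is exact and
    // divFirst is low by the discarded remainder scaled up to 18 decimals.
    function testFuzz_errorEqualsDroppedRemainder(uint256 twapPrice) public {
        twapPrice = bound(twapPrice, 0, type(uint256).max / 1 ether);
        uint256 exact = TwapScaling.mulFirst(twapPrice);
        assertEq(exact, twapPrice * 1e12);
        assertEq(
            exact - TwapScaling.divFirst(twapPrice),
            (twapPrice % DECIMAL_USDC) * 1e12
        );
    }
}
```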

Impact

The protocol is not able to fall back on the TWAP when `twapPrice < 1e6`.

Tools Used

Manual review

Recommendations

Perform multiplication before division:

- uint256 twapPriceInEther = (twapPrice / Constants.DECIMAL_USDC) * 1 ether;
+ uint256 twapPriceInEther = (twapPrice * 1 ether) / Constants.DECIMAL_USDC;
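
Review bot: the `+` line needs a regression test with inputs that are not a multiple of Constants.DECIMAL_USDC, both below it (999999, expected 999999000000000000) and above it (for example 1500000, where the `-` line yields 1 ether rather than 1.5 ether), because the truncation in the removed expression is not limited to twapPrice < 1e6. The reordered product twapPrice * 1 ether must also fit in uint256, so a short comment stating the expected range of twapPrice would document that the multiplication cannot overflow.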

Updates

Lead Judging Commences

0xnevi Lead Judge about 2 years ago
Submission Judgement Published
Validated
Assigned finding tags:

finding-535
