Uniswap TWAP Price discounted
Summary
Twap return price could return the wrong value on conversion to eth scaling factor of 1**18.
Vulnerability Details
The code expression below tries to convert the price returned by the uniswap twap oracle from the scaling factor of usdc to Eth, which is 10 ** 6 to 10**18.
uint256 twapPriceInEther = (twapPrice / Constants.DECIMAL_USDC) * 1 ether;
The challenge with this expression is that EVM does not handle decimals, and as a result rounds down everything after the decimals. So to avoid this peck of the EVM, to perform such operations as above, it expected to multiply the expression before dividing. That way the value involved will remain true to its current state and not truncated:
POC:
WETH/USDC = 1632190000
On the EVM = 1632190000 / 10** 6 = 1632;
outside the EVM = 1632190000 / 10**6 = 1632.19;
Meaning on the EVM the price is reduced by 0.19....
Impact
User gets discounted price of an asset
Tools Used
Manual
Recommendations
Multiply before division like so below.
uint256 twapPriceInEther = (twapPrice * 1 ether) / Constants.DECIMAL_USDC;
Ex.
EVM = 1632190000 * 10 ** 18 / 10 ** 6
The True value of the asset is maintained.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.