First Flight #3: Thunder Loan

First Flight #3

Beginner FriendlyFoundryDeFiOracle

100 EXP

View results

Previous Next

Submission Details

Severity: low

Valid

getCalculatedFee() can have a Rounding Error

benbo

Summary

getCalculatedFee() can return a fee with a rounding error.

Vulnerability Details

Do division before multiplication which can result in a rounding error.
(((amount*price) / feeprecision) * loanfee) / feeprecision -> this is a mult, divide, mult, divide

Impact

can result in the fee being lower than its true value. This fee is then passed to updateExchangeRate() to calculate the newExchangeRate. In rare cases this newExchange rate may be now smaller than or equal to the existing exchange rate, causing a revert in the subsequent check -> can impact the protocols ability to do flash loans.

No funds at risk so marked as low risk severity.

Tools Used

Recommendations

when calculating the fee, do all multiply operations before any divisions by feeprecision.

Updates

Lead Judging Commences

0xnevi Lead Judge almost 2 years ago

Submission Judgement Published

Validated

Assigned finding tags:

precision loss valueOfBorrowedToken

Rewards breakdown

nSLOC

387

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.