First Flight #3: Thunder Loan
First Flight #3
Beginner FriendlyFoundryDeFiOracle
100 EXP
View results
Previous Next
Submission Details
Severity: high
Invalid

Precision loss issues

aballok

Summary

Vulnerability Details

// 1. Get the current exchange rate
// 2. How big the fee is should be divided by the total supply
// 3. So if the fee is 1e18, and the total supply is 2e18, the exchange rate be multiplied by 1.5
// if the fee is 0.5 ETH, and the total supply is 4, the exchange rate should be multiplied by 1.125
// it should always go up, never down
// newExchangeRate = oldExchangeRate * (totalSupply + fee) / totalSupply
// newExchangeRate = 1 (4 + 0.5) / 4
// newExchangeRate = 1.125
uint256 newExchangeRate = s_exchangeRate * (totalSupply() + fee) / totalSupply();

uint256 newExchangeRate = s_exchangeRate * (totalSupply() + fee) / totalSupply();
Can be rewritten as 1 + (fee/totalSupply) so if fee < totalSupply this will always round down due to truncation to zero

There are also precision issues in the following code parts as indicated in links

uint256 amountUnderlying = (amountOfAssetToken * exchangeRate) / assetToken.EXCHANGE_RATE_PRECISION(); //line 174
uint256 mintAmount = (amount * assetToken.EXCHANGE_RATE_PRECISION()) / exchangeRate; //line 150

Impact

Exchange rate may not grow as expected e.g it may remain 1 as in solidity the 1.125 is not possible as illustrated in example. Additionall mint and underlying amounts to users suffer from precision loss disadvantigin them amounts

Tools Used

Manual Analysis

Recommendations

Introduce some precision factors e.g *10^precision to ensure e,g 1.125 is e,g 1125 and calculate appropriately
Or come up with some better scheme for precision handling and calculations and division aspects

Updates

Lead Judging Commences

0xnevi Lead Judge
over 1 year ago
0xnevi Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Other

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.