Precision loss in while calculating the average price of tokens in euros
Summary
Division before multiplication causes precision loss in PriceCalculator::tokenToEurAvg().
Vulnerability Details
When Calculating the average price of tokens in euros, division before multiplication truncates the returned price in PriceCalculator::tokenToEurAvg() and incurs precision loss.
This function uses collateralUsd when calculating the returned value where the collateralUsd is calculated by multiplying scaledCollateral with avgPrice(4, tokenUsdClFeed).
This clearly shows that avgPrice() does a division before multiplying scaledCollateral to get collateralUsd which in his turn is divided by uint256(eurUsdPrice) to get the returned value.
Impact
PriceCalculator::tokenToEurosAvg() may not return the correct average price of tokens in euros due to precision loss.
This leads to various impacts in the protocol :
miscalculation of euro collateral in
SmartVaultV3::euroCollateral().incorrect collateral value in
SmartVaultV3::getAssets().users may have lower minted shares than they should because of
SmartVaultV3::maxMintable()usingSmartVaultV3::euroCollateral().
Tools Used
Manual review
Recommendations
Make sure to multiply first before division to prevent precision loss.
Lead Judging Commences
informational/invalid
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.