The Standard

The Standard
DeFiHardhat
20,000 USDC
View results
Submission Details
Severity: low
Valid

Precision loss in ``costInEuros`` calculation.

Summary

There is a precision loss issue in costInEuros calculation.

Vulnerability Details

The distributeAssets() of LiquidationPool.sol contract calculates `costInEuros`` as below:

uint256 costInEuros = _portion * 10 ** (18 - asset.token.dec) * uint256(assetPriceUsd)
/ uint256(priceEurUsd) * _hundredPC / _collateralRate;

Notice, there is division before multiplication here:

.... / / uint256(priceEurUsd) * _hundredPC / _collateralRate

This can cause loss of precision.

costInEuros amount will be calculated less than it actually is. Thus, This check can never be reached:

...
if (costInEuros > _position.EUROs) {
_portion = _portion * _position.EUROs / costInEuros;
costInEuros = _position.EUROs;
}
_position.EUROs -= costInEuros;

Which results in _position not being completely removed in case that the euro cost of the portion of position stake that user should have is actually less than the euros that user active position has.

Impact

Position can never be liquidated.

Tools Used

Manual Analysis

Recommendations

The code should be modified as below:

uint256 costInEuros = _portion * 10 ** (18 - asset.token.dec) * uint256(assetPriceUsd) * _hundredPC
/ uint256(priceEurUsd) / _collateralRate;
Updates

Lead Judging Commences

hrishibhat Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

precision

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.