The Standard
The Standard
DeFiHardhat
20,000 USDC
View results
Previous Next
Submission Details
Severity: low
Valid

Division before multiplication leads to Rounding issue.

pavankv

Summary

In Solidity division can result in rounding down errors, hence to minimize any rounding errors we always want to perform multiplication before division.

Vulnerability Details

uint256 costInEuros = _portion * 10 ** (18 - asset.token.dec) * uint256(assetPriceUsd) /uint256(priceEurUsd)
* _hundredPC / _collateralRate;

In above code we can see the priceEurUsd will divides afterwards it will multiplied by _hundredPC this will make less precision than expected.

Take a scenario :-

price = 8965

rate = 20

function multiplyBef( uint256 price , uint256 rate) public pure returns(uint) {
return (price * rate / (100));
}
function DivBefore(uint price ,uint256 rate ) public pure returns(uint){
return (price / 100 * rate);
}

Output

DivBefore = 1780

multiplyBef = 1793

We can observe multiplyBef gives accurate output but DivBefore gives -13. Solidity doesn't support floating points.

Impact

By doing the division before multiplication leads to rounding issues.

Tools Used

Manual View

Recommendations

uint256 costInEuros = _portion * 10 ** (18 - asset.token.dec) * uint256(assetPriceUsd) * _hundredPC / uint256(priceEurUsd) / _collateralRate;

We can make division after multiplication which can mitigate rounding related issues as much as possible. The computations can be much more complex and forming them into a multiplication first formula can be challenging at times

Updates

Lead Judging Commences

hrishibhat Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

precision

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.