DeFiHardhat
12,000 USDC
View results
Submission Details
Severity: low
Invalid

Precision Loss Due to Reserve Value Truncation

Summary

The LibLastReserveBytes library truncates the last 3 bytes of bytes16 reserve values to fit within a single storage slot, potentially causing a loss of precision.

Vulnerability Details

The storeLastReserves function converts uint256 reserve values to bytes16 and then stores only the first 104 bits of each value. This is evident in the following code snippet:

assembly {
sstore(slot, or(or(shl(208, lastTimestamp), shl(248, n)), shl(104, shr(152, mload(add(reserves, 32))))))
}

The shl(104, shr(152, mload(add(reserves, 32)))) operation shifts the reserve value right by 152 bits (to truncate the last 3 bytes) and then left by 104 bits to align it in the storage slot. This operation is designed for gas efficiency but at the cost of losing the least significant bytes of the reserve value.

Impact

The impact of this precision loss could be significant in financial calculations, potentially leading to incorrect valuations or imbalances in the contract's economic mechanisms.

Tools Used

manual

Recommendations

To mitigate this issue, consider storing the full bytes16 reserve values without truncation. If gas efficiency is a concern, implement a more efficient storage pattern that allows for the full precision of reserve values without exceeding storage constraints.

Updates

Lead Judging Commences

giovannidisiena Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Design choice
Assigned finding tags:

Informational/Invalid

daniel526 Submitter
about 1 year ago
giovannidisiena Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Design choice
Assigned finding tags:

Informational/Invalid

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.