DeFiHardhat
12,000 USDC
View results
Submission Details
Severity: low
Invalid

Loss of Precision in `LibMath:sqrt` and `LibMath:nthRoot` due to Calculations with Non-Decimal Numbers

Summary

The vulnerability arises from the use of sqrt and nthRoot functions in contracts to calculate roots without integrating decimal numbers, resulting in a loss of precision.

Vulnerability Details

Without using decimal numbers is impossible to prevent vulnerability like this.

Proof of Code

function test_PoC_nthRoot_sqrtMatch() public {
assertEq(LibMath.nthRoot(131, 2), 11); // real result is 11.46
}

Impact

This vulnerability occurs consistently whenever the nthRoot or sqrt function is utilized. Each occurrence poses a risk of financial loss to contracts or users.

Tools Used

Manual Review

Recommendations

Consider employing floating-point numbers to mitigate vulnerabilities of this nature.

Updates

Lead Judging Commences

giovannidisiena Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
Assigned finding tags:

Informational/Invalid

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.