DeFiHardhat
35,000 USDC
Submission Details
Severity: medium
Valid

Inconsistent comparison in `getPercentDifference()`.

Summary

getPercentDifference() might return an unexpected result as it returns different outputs for (x, y) and (y, x).

Vulnerability Details

getPercentDifference() is used in getWstethEthPrice() to compare chainlinkPrice with uniswapPrice.

getWstethEthPrice() returns a completely different price depending on whether the difference between chainlinkPrice and uniswapPrice is within the 1% range.

```solidity
function getPercentDifference(
    uint x,
    uint y
) internal pure returns (uint256 percentDifference) {
    percentDifference = x.mul(ONE).div(y);
    percentDifference = x > y ? percentDifference - ONE : ONE - percentDifference; // SafeMath unnecessary due to conditional check
}
```

But this function seems wrong as it calculates the difference differently for (x, y) and (y, x).

For example, if (chainlinkPrice, uniswapPrice) = (100, 101), the difference will be 1 - 100 / 101 = 0.99% and it will be handled inside the if clause in getWstethEthPrice().

But if (chainlinkPrice, uniswapPrice) = (101, 100), the difference will be 101 / 100 - 1 = 1% and it will be handled differently.

Impact

getWstethEthPrice() might return an incorrect result due to the inconsistent price difference calculation.

Tools Used

Manual Review

Recommendations

Recommend refactoring getPercentDifference() to return the same result for (x, y) and (y, x).
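The following Python model is an added example, not code from the audited project: it reproduces the integer arithmetic of getPercentDifference() for the (100, 101) pair above and compares it with one possible order-independent formula. The value of `ONE` (1e18), the 1% threshold constant, the strict `<` comparison and all Python function names are assumptions made for illustration.

```python
ONE = 10**18             # assumed fixed-point scale; the report names ONE but not its value
MAX_DIFFERENCE = 10**16  # assumed 1% threshold expressed in the same scale


def percent_difference_original(x: int, y: int) -> int:
    """Integer model of the getPercentDifference() shown in the report."""
    if y == 0:
        raise ZeroDivisionError("SafeMath div reverts on a zero divisor")
    ratio = x * ONE // y  # x.mul(ONE).div(y), truncating like Solidity
    return ratio - ONE if x > y else ONE - ratio


def percent_difference_symmetric(x: int, y: int) -> int:
    """One order-independent alternative: |x - y| relative to the larger value."""
    larger = max(x, y)
    if larger == 0:
        raise ZeroDivisionError("both prices are zero")
    return abs(x - y) * ONE // larger


def within_threshold(diff: int) -> bool:
    # Assumed strict comparison; the report only says 0.99% passes and 1% does not.
    return diff < MAX_DIFFERENCE


def compare(chainlink_price: int, uniswap_price: int) -> dict:
    """Evaluate both argument orders with both formulas for one price pair."""
    a, b = chainlink_price, uniswap_price
    return {
        "original": (percent_difference_original(a, b),
                     percent_difference_original(b, a)),
        "symmetric": (percent_difference_symmetric(a, b),
                      percent_difference_symmetric(b, a)),
    }


if __name__ == "__main__":
    result = compare(100, 101)  # price pair taken from the report's example
    for name, (fwd, rev) in result.items():
        print(f"{name:9s} (100,101)={fwd} within={within_threshold(fwd)} | "
              f"(101,100)={rev} within={within_threshold(rev)}")
```

Whether the larger or the smaller price serves as the denominator is a design choice; what matters is that both argument orders land on the same side of the threshold.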

Updates

Lead Judging Commences

giovannidisiena Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

Percent difference
