Beanstalk Part 2

Beanstalk

DeFiHardhat

35,000 USDC

View results

Previous Next

Submission Details

Severity: low

Invalid

Precision loss in `remainingRecapitalization()`

tigerfrake

Summary

The potential precision loss in the provided remainingRecapitalization() function occurs due to the intermediate division operation.

Vulnerability Details

https://github.com/Cyfrin/2024-04-beanstalk-2/blob/27ff8c87c9164c1fbff054be5f22e56f86cdf127/protocol/contracts/libraries/LibFertilizer.sol#L182-L195

function remainingRecapitalization()

internal

view

returns (uint256 remaining)

{

AppStorage storage s = LibAppStorage.diamondStorage();

uint256 totalDollars = C

.dollarPerUnripeLP()

.mul(C.unripeLP().totalSupply())

.div(DECIMALS);

totalDollars = totalDollars / 1e6 * 1e6; // round down to nearest USDC

if (s.recapitalized >= totalDollars) return 0;

return totalDollars.sub(s.recapitalized);

}

Here:

totalDollars = totalDollars / 1e6 * 1e6;

This division and multiplication by 1e6 aims to round down totalDollars to the nearest USDC. However, this operation could result in precision loss due to truncation during the division process.

Impact

This imprecision could result in wrong calculations such as calculation of how many new Deposited Beans will be minted in addUnderlying() where remainingRecapitalization() is used i.e:

https://github.com/Cyfrin/2024-04-beanstalk-2/blob/27ff8c87c9164c1fbff054be5f22e56f86cdf127/protocol/contracts/libraries/LibFertilizer.sol#L89-L92

// Calculate how many new Deposited Beans will be minted

uint256 percentToFill = usdAmount.mul(C.precision()).div(

remainingRecapitalization() // @audit Above imprecision introduced here

);

Tools Used

Manual Review

Recommendations

function remainingRecapitalization() internal view returns (uint256 remaining) {

AppStorage storage s = LibAppStorage.diamondStorage();

uint256 totalDollars = C.dollarPerUnripeLP().mul(C.unripeLP().totalSupply()).div(DECIMALS);

// Round down totalDollars to the nearest USDC precision

totalDollars = (totalDollars * 1e6) / 1e6; // @audit-info Correct operation

// Check if recapitalized amount exceeds or equals total dollars, if yes, remaining is 0

if (s.recapitalized >= totalDollars)

return 0;

else

return totalDollars - s.recapitalized;

}

This way, the multiplication operation is carried out first, followed by the division, maintaining precision.

Updates

Lead Judging Commences

giovannidisiena Lead Judge about 1 year ago

Submission Judgement Published

Invalidated

Reason: Design choice

Assigned finding tags:

Precision loss

Prize pool breakdown

Total prize

35,000 USDC

nSLOC

1,991

18 USDC / LOC

High Medium

30,000 USDC

Low

1,500 USDC

Judges

3,500 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.