https://github.com/Cyfrin/2024-05-Beanstalk-3/blob/662d26f12ee219ee92dc485c06e01a4cb5ee8dfb/protocol/contracts/libraries/LibFertilizer.sol#L236-L249
The comment suggests that the intention is to round down to the nearest USDC, but the operation performed does not effectively change the value of totalDollars. The division and multiplication by 1e6 cancel each other out, assuming no integer overflow, leaving totalDollars unchanged.
`/**
* @dev Returns the total dollar amount needed to recapitalize Beanstalk
* for the supply of Unripe LP.
* @param urLPsupply The supply of Unripe LP.
* @return totalDollars The total dollar amount.
*/
function getTotalRecapDollarsNeeded(uint256 urLPsupply) internal pure returns(uint256) {
uint256 totalDollars = C
.dollarPerUnripeLP()
.mul(urLPsupply)
.div(DECIMALS);
totalDollars = totalDollars / 1e6 * 1e6; // round down to nearest USDC
return totalDollars;
}`
To correctly round down to the nearest whole number, you should use integer division properties directly without the unnecessary division and multiplication by 1e6. If totalDollars is meant to be rounded to the nearest million (as the code might suggest but does not accomplish), you would adjust the logic as follows:
totalDollars = (totalDollars / 1e6) * 1e6; // correctly round down to nearest million USDC
there will be more totalDollars than intended for protocol since the rounding down does not work. this leads to loss for the protocol
Manual Review
+
totalDollars = (totalDollars / 1e6) * 1e6; // correctly round down to nearest million USDC
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.