Dust amounts can introduce precision errors in chop function
Summary
Lack of threshold for (minTransferAmount) dust amounts can introduce precision errors in chop accounting. It's a known solidity behaviour, burning dust amounts are often not picked up by solidity
leading to the burning of unripeToken (at rate of dust amounts) but not the adjusting of underlyningAmount or underlyningToken transferred.
This can introduce direct accounting errors and imbalances within the contract accounting.
Vulnerability Details
This line in chop function
is responsible for burning unripeToken. In addition,
If the amount being burned is very small (dust amount), it might lead to precision errors. Depending on how LibTransfer.burnToken handles small amounts, there might be issues like rounding errors and the line
The function LibChop.chop calculates the underlying token and amount based on the chopped (burned) amount. If the chopped amount is very small, the resulting underlyingAmount could also be very small, potentially resulting in zero or a negligible amount of the underlying token.
Impact
Attackers can use dust amounts to inject imbalances or errors into the contract accounting.
Tools Used
Manual Review, Sol2Uml, VS-Code Surya
Recommendations
define a uint256 minTransferAmount = 100; // Set minimum transferable amount
Lead Judging Commences
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.