Slippage in `LibWellBdv.bdv()` overestimates Well LP price by at most 0.025%
Summary
LibWellBdv.bdv() is used to calculate BDV of Well LP token. It's calculated by removing 1 Bean from reserve and observing how much LP totalSupply was reduced. There is WELL_MINIMUM_BEAN_BALANCE = 1000e6 to not allow pricing with low reserves.
However at the minimum reserve LP's BDV will be overestimated by 0.025% as shown later.
Vulnerability Details
Here is formula used:
Let's take a test scenario where Well Function is ConstantProduct2, Bean reserve is 1000e6, USDC reserve is 1000e6
According to formula LpSupply is
sqrt(1000e6 * 1000e6 * 1e12) = 1000e12Actual LP price is
idealPrice = LpSupply / BdvOfReserves = 1000e12 / 2000 = 0.5e12. It means 0.5e12 Well LP is worth 1 BeanLet's calculate price using formula in
bdv():
actualPrice = lpSupplyBefore - lpSupplyAfter
lpSupplyAfter = sqrt((1000e6 - 1e6) * 1000e6 * 1e12) = 999.49987e12
actualPrice = 1000e12 - 999.49987e12 = 0.50013e12
Slippage is
slippage = actualPrice / idealPrice - 1 = 0.00026, but it was simplified during calculations so actual slippage is 0.025%.
Impact
In the worst scenario Well LP price will be overestimated by 0.025%. Therefore Silo will overestimate user's deposit of Well LP and grant more Stalk than it deserves impacting other users.
Tools Used
Manual Review
Recommendations
Refactor formula to reduce 1 wei Bean instead of 1e6 Bean to reduce slippage by 1e6 times:
Lead Judging Commences
Informational/Gas
Invalid as per docs https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.