Precision loss favoring user on the amount transfered to protocol in `withdrawMarginUsd`
Summary
When UD60X18 amounts are converted back to token amounts within convertUd60x18ToTokenAmount, value is simply truncated, and do not take into account if the decimal should have been rounded up.
Vulnerability Details
The MarginCollateralConfiguration::convertUd60xx18ToTokenAmount set back a 18 decimal value to a lower decimal representation, which simply truncate the additional decimals from the final representation:
This means that for example, if ud60x18Amount = 123456789999999999 and self.decimals = 8, the returned value will be 12345678, ditching the fractional part which is 0.9999999999.
The issue is that when called in TradingAccount::withdrawMarginUsd, this is applied on a value that is transfered to the recipient, which is in all occurences where the function is called a protocol address.
Each time the withdrawMarginUsd will be called in TradingAccount::deductAccountMargin, a protocol unfavorable transfer will occur, which will add up over time.
The higher the volume of the protocol will get, the higher the losses will compound over time.
Impact
Precision loss against protocol when calculating amount to transfer from user, compounding over time on each transfer.
Tools Used
Manual review
Recommendations
Add a parameter to select rounding direction for convertUd60x18ToTokenAmount
Lead Judging Commences
convertUd60x18ToTokenAmount heavily truncates
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.