Tadle
Tadle
DeFiFoundry
27,750 USDC
View results
Previous Next
Submission Details
Severity: low
Valid

Inconsistent Rounding Methods in Financial Calculations Across Contracts

n3smaro

Summary

The smart contracts exhibit inconsistent rounding practices when calculating financial amounts such as collateral deposits and refunds. This inconsistency arises from using both Math.Rounding.Ceil and Math.Rounding.Floor in different parts of the code, potentially leading to discrepancies in financial transactions and impacting accuracy.

Vulnerability Details

The PreMarkets contract exhibits variability in rounding methods used for financial calculations:

  • Some functions use Math.Rounding.Ceil (rounding up), while others use Math.Rounding.Floor (rounding down).

  • This inconsistency is particularly evident in functions like createOffer, listOffer, and abortAskOffer, where both rounding methods are applied interchangeably.

In contrast, the DeliveryPlace contract predominantly uses Math.Rounding.Floor for calculations such as collateral fees and refunds.

For example:

collateralFee = OfferLibraries.getDepositAmount(
offerInfo.offerType,
offerInfo.collateralRate,
offerInfo.amount,
true,
Math.Rounding.Floor
);
makerRefundAmount = OfferLibraries.getDepositAmount(
offerInfo.offerType,
offerInfo.collateralRate,
offerInfo.amount,
true,
Math.Rounding.Floor
);
/// @dev transfer collateral from _msgSender() to capital pool
uint256 transferAmount = OfferLibraries.getDepositAmount(
params.offerType,
params.collateralRate,
params.amount,
true,
Math.Rounding.Ceil
);
uint256 transferAmount = OfferLibraries.getDepositAmount(
offerInfo.offerType,
offerInfo.collateralRate,
remainingAmount,
true,
Math.Rounding.Floor
);
uint256 totalUsedAmount = offerInfo.amount.mulDiv(
offerInfo.usedPoints,
offerInfo.points,
Math.Rounding.Ceil
);
uint256 totalDepositAmount = OfferLibraries.getDepositAmount(
offerInfo.offerType,
offerInfo.collateralRate,
totalUsedAmount,
false,
Math.Rounding.Ceil
);

These discrepancies can lead to differences in the expected and actual amounts processed, affecting the accuracy of financial transactions and potentially leading to unintended financial losses or operational issues.

Impact

  • Financial Discrepancies: Users may experience discrepancies between the expected and actual amounts processed due to inconsistent rounding methods, potentially leading to overpayments or underpayments.

  • Operational Issues: Inaccurate financial processing can lead to operational challenges, including disputes and financial imbalances.

Tools Used

Manual Code Review

Recommendations

Ensure that all financial calculations use a consistent rounding method throughout all contracts to avoid discrepancies.

Updates

Lead Judging Commences

0xnevi Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

finding-PreMarkets-Rounding-Direction

Duplicate of #456, however, for issues noting rounding directions, will be low severity given the impact is not proven sufficiently with a PoC/numerical example and most rounding will not result in significant losses e.g. most examples only proved at most a 1 wei difference when computing `depositAmount/platFormFees` and involves lower amount offers

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.