Tadle

Summary

Many function uses a ceiling (ceil) operation when calculating token transfers. This can result in rounding up the amount in the favour of user not in vault, allowing user to transfer fewer tokens than expected, potentially leading to an underpayment.

Vulnerability Details

several calculations involve a ceil operation to determine the token amounts that need to be transferred. The ceil operation rounds up the result, which means that users might end up transferring fewer tokens than required by the original fractional calculation.

For instance, when computing the deposit amount is uses Math.Rounding.Ceil, the result is rounded up to the nearest integer. As a result, the total tokens required for the transaction could be underestimated, allowing the user to transfer fewer tokens while still meeting the contract’s requirements.

https://github.com/Cyfrin/2024-08-tadle/blob/04fd8634701697184a3f3a5558b41c109866e5f8/src/core/PreMarkets.sol#L92

https://github.com/Cyfrin/2024-08-tadle/blob/04fd8634701697184a3f3a5558b41c109866e5f8/src/core/PreMarkets.sol#L215

https://github.com/Cyfrin/2024-08-tadle/blob/04fd8634701697184a3f3a5558b41c109866e5f8/src/core/PreMarkets.sol#L612

https://github.com/Cyfrin/2024-08-tadle/blob/04fd8634701697184a3f3a5558b41c109866e5f8/src/core/PreMarkets.sol#L826

Impact

This rounding issue can lead to the contract receiving fewer tokens than it should, which can result in underfunded deposits

Tools Used

Manual review.

Recommendations

Review the use of the ceil operation in the createTaker and _depositTokenWhenCreateTaker functions, Consider whether rounding up is necessary otherwise round-down .