Potential precision loss due to integer division in `MultiHopOracle._getData`
Summary
Potential precision loss due to integer division in MultiHopOracle._getData
Vulnerability Details
When oracleConfig.invert is true, data is updated using integer division data = (data * 10 ** 18) / oracleRes. This can result in significant precision loss if oracleRes is larger than data, which can affect price feeds negatively, especially in multi-hop oracles.
https://github.com/Cyfrin/2024-12-quantamm/blob/main/pkg/pool-quantamm/contracts/MultiHopOracle.sol
Impact
If oracleRes is greater than data during an inverted hop, dividing by oracleRes will truncate the result, resulting in a less accurate price feed.
Tools Used
vscode
Recommendations
Use FixedPoint library or perform division as the last step of multiplication to better maintain precision in division operation.
Lead Judging Commences
finding_MultiHopOracle_getData_invert_precision_loss_low_decimals
Likelihood: Informational/Very Low, admin should use a price feed with 18 decimals and this feed should compare a assets with a very small value and an asset with a biggest amount to have the smallest price possible. Admin wouldn't do that intentionally, but one token could collapse, and with multiple hop, it increases a bit the probability. Impact: High, complete loss of precision. Probability near 0 but not 0: deserve a Low
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.