Rounding Error in _getWeights Function of some rules like MomentumUpdaterule.sol
Summary
In the _getWeights function of MomentumUpdaterule.sol, performing division before multiplication can lead to rounding errors. These errors may cause incorrect results, such as zero values or large discrepancies.
The division operation is performed using ONE.div(locals.denominator), where locals.denominator is derived from the moving average or price data (which are read from oracles). Given that the denominator can exceed 1e18 (due to the 18 decimal precision of oracle prices), the result of ONE.div(locals.denominator) can lead to a value of zero when the denominator is sufficiently large, causing errors in subsequent calculations.
NOTE:
Same issue is in other rules like PowerChannelUpdateRule.sol and DifferenceMomentumUpdateRule.
Vulnerability Details
The denominator data comes from the oracle, which fetches prices and converts them to 18 decimals.
(UpdateWeightRunner gets this oracle data and passes it to rules to calculate new weights). However, as seen in the code below, div before mul can cause rounding to zero, leading to incorrect weight calculations.
Impact
Rounding errors during division could lead to zero values, resulting in incorrect weight calculations.
Tools Used
vscode
Recommendations
Perform the multiplication before division to minimize rounding errors. This would ensure that any large values in the denominator are handled more accurately before the division takes place.
Lead Judging Commences
invalid_Rules_getWeights_precision_loss_div_mul
## [Low-24] Divide before multiply
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.