Part 2

Zaros
Perpetuals, DEX, Foundry, Solidity
70,000 USDC
Submission Details
Severity: low
Invalid

Truncation in Division‐First Credit Delegation Calculation

Summary

The calculation for credit delegation uses a division operation first (i.e., creditDelegationShareX18 = weight / totalWeight), followed by a multiplication (creditDelegationShareX18 * vaultCreditCapacityUsdX18). When weight / totalWeight is extremely small (less than 1e‑18 in PRBMath’s 18‐decimal fixed‐point system), it gets truncated to zero. As a result, even if vaultCreditCapacityUsdX18 is large, the final result remains zero because the fractional portion was lost at division time.

Vulnerability Details

  • Division Truncation: In fixed‐point arithmetic (UD60x18), any decimal part below 1e‑18 becomes zero.

  • Order of Operations: Performing (weight / totalWeight) first can yield a tiny fraction that is truncated to 0. Multiplying afterward by a large number cannot “bring back” a fraction that has already collapsed to zero.

Example

  • weight = 1

  • totalWeight = 5e25

  • vaultCreditCapacityUsdX18 = 1e12

  1. Current Approach (Division First)

    creditDelegationShareX18 = weight / totalWeight; // 1 / 5e25 = 2e-26 → truncated to 0
    newCreditDelegationUsdX18 = creditDelegationShareX18 * 1e12; // 0 * 1e12 = 0

  2. Recommended Approach (Multiplication First)

    newCreditDelegationUsdX18 = (weight * vaultCreditCapacityUsdX18) / totalWeight;
    // (1 * 1e12) / 5e25 = 2e-14 (not zero, stored correctly in fixed-point)

Impact

  • Under‐Allocation for Small Weights: Participants or markets with small weight values end up with zero credit delegation instead of the minimal fraction they should receive.

  • Skewed Distribution: Over time, repeated truncations can compound, causing unfairness or inaccuracies in the system’s accounting of delegated credit.

  • Potential Fund Loss: If the system relies on precise delegation amounts for liquidation, reward distribution, or other critical operations, the inaccuracies may cause users to miss out on funds they are entitled to.

Tools Used

  • Manual Code Review: The logical order of operations and PRBMath’s 18‐decimal fixed‐point behavior were inspected directly in the source code.

  • Numerical Example Analysis: A small test scenario was constructed to demonstrate how truncation to zero can occur.

Recommendations

  1. Reorder Arithmetic: Multiply first (i.e., (weight * vaultCreditCapacityUsdX18) / totalWeight) so that small but valid fractions are not truncated away.

  2. Threshold for Small Weights: Optionally implement a minimum weight threshold to avoid extremely tiny delegations that would unavoidably be truncated.

  3. Review All Fixed‐Point Operations: Check other places where division might happen before multiplication, to reduce any similar truncation issues.
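
The truncation in the example above and the minimum-weight threshold from recommendation 2 can be reproduced with a small integer model of UD60x18 arithmetic. This is an added example, not part of the submission or of the Zaros or PRBMath code; it assumes the example's values are real numbers scaled by 1e18, and all function names are hypothetical.

```python
# Integer model of UD60x18 semantics (added example; names are hypothetical).
# Python ints are unbounded, so uint256 overflow is not modelled here.
UNIT = 10**18  # a UD60x18 value is stored as real_value * 1e18


def ud_mul(x: int, y: int) -> int:
    """Fixed-point multiply, rounding down: x * y / 1e18."""
    return x * y // UNIT


def ud_div(x: int, y: int) -> int:
    """Fixed-point divide, rounding down: x * 1e18 / y."""
    return x * UNIT // y


def delegation_division_first(weight: int, total_weight: int, capacity: int) -> int:
    """share = weight / totalWeight, then share * capacity."""
    share = ud_div(weight, total_weight)  # any share below 1e-18 becomes 0 here
    return ud_mul(share, capacity)


def delegation_multiplication_first(weight: int, total_weight: int, capacity: int) -> int:
    """(weight * capacity) / totalWeight, keeping the fraction until the end."""
    return ud_div(ud_mul(weight, capacity), total_weight)


def min_weight_for_nonzero_share(total_weight: int) -> int:
    """Smallest raw weight whose division-first share is at least 1e-18."""
    return -(-total_weight // UNIT)  # ceil(total_weight / UNIT)


# The example's values, scaled to raw UD60x18 integers (assumed interpretation).
WEIGHT = 1 * UNIT
TOTAL_WEIGHT = 5 * 10**25 * UNIT
CAPACITY = 10**12 * UNIT

if __name__ == "__main__":
    div_first = delegation_division_first(WEIGHT, TOTAL_WEIGHT, CAPACITY)
    mul_first = delegation_multiplication_first(WEIGHT, TOTAL_WEIGHT, CAPACITY)
    threshold = min_weight_for_nonzero_share(TOTAL_WEIGHT)
    print(f"division first:       raw {div_first}")
    print(f"multiplication first: raw {mul_first} (= {mul_first / UNIT:.0e})")
    print(f"weights below raw {threshold} get a zero share when dividing first")
```

The threshold function gives the cut-off a minimum-weight check would need for a given totalWeight if the division-first order were kept.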

Updates

Lead Judging Commences

inallhonesty Lead Judge 6 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
