Price impact miscalculation in vaultreader.sol due to integer division
The getPriceImpactInCollateral function miscalculates price impact because it does not handle decimal precision scaling.
The calculation of expectedSizeInTokensDelta incorrectly uses division before multiplication without proper scaling.
Because the values in the equation are in 30 decimals, we should scale the result by 1e30 to maintain precision.
This bug can cause traders to face larger-than-expected losses and may risk the protocol's solvency due to inaccurate collateral reserves.
Manual Review
Fix by reordering operations to multiply before dividing and add a scaling factor for precision:
GMX GitHub documentation: “Prices stored within the Oracle contract represent the price of one unit of the token using a value with 30 decimals of precision. Representing the prices in this way allows for conversions between token amounts and fiat values to be simplified, e.g. to calculate the fiat value of a given number of tokens the calculation would just be: token amount * oracle price, to calculate the token amount for a fiat value it would be: fiat value / oracle price.”
Sponsor confirmed the keeper does the same, so price decimals change as a function of the token, to be sure the above rule is true.
Example for USDC (6 decimals): prices will have 24 decimals → 1e6 * 1e24 = 1e30.
Just a reminder for some submissions: shortToken == collateralTokens, so the decimals are 1e24 for shortToken prices.
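The decimals rule quoted above, modelled with Python integers, next to the divide-before-multiply truncation the submission describes. This is an added example, not code from the submission or from the GMX or vault repositories; the function names, the pro-rata formula and the 2000 USD WETH price are assumptions made for illustration.

```python
# Added example with constructed values; not code from the audited repository.
# For non-negative ints, Python's // truncates like Solidity's uint256 division.

USD_DECIMALS = 30  # precision of USD values, per the quoted GMX documentation


def oracle_price(usd_per_whole_token: int, token_decimals: int) -> int:
    """Price of one smallest token unit, so that amount * price has 30 decimals."""
    return usd_per_whole_token * 10 ** (USD_DECIMALS - token_decimals)


def usd_value(token_amount: int, price: int) -> int:
    """token amount * oracle price -> USD value with 30 decimals."""
    return token_amount * price


def tokens_for_usd(usd: int, price: int) -> int:
    """fiat value / oracle price -> amount in the token's own decimals."""
    return usd // price


def tokens_for_usd_rescaled(usd: int, price: int) -> int:
    """Same conversion with an extra 1e30 factor applied to the result."""
    return usd * 10 ** USD_DECIMALS // price


def pro_rata_divide_first(total_tokens: int, total_usd: int, delta_usd: int) -> int:
    """Hypothetical pro-rata share computed as (a / b) * c: truncates early."""
    return total_tokens // total_usd * delta_usd


def pro_rata_multiply_first(total_tokens: int, total_usd: int, delta_usd: int) -> int:
    """Same share computed as (a * c) / b: a single truncation, at the end."""
    return total_tokens * delta_usd // total_usd


USDC_PRICE = oracle_price(1, 6)      # 1 USD for a 6-decimal token -> 1e24
WETH_PRICE = oracle_price(2000, 18)  # constructed 2000 USD price -> 2000e12
```

Tracking the decimals of each operand this way shows whether a given division already lands in token units or is off by a power of ten, and whether an intermediate quotient truncates to zero before the multiplication.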