Core Contracts
Regnum Aurum Acquisition Corp
HardhatReal World AssetsNFT
77,280 USDC
View results
Previous Next
Submission Details
Severity: medium
Invalid

Precision Loss Due to Division Before Multiplication in multiple Functions across RACC

hailthelord

Summary

Multiple functions in ReserveLibrary lose precision by performing division before multiplication, leading to inaccurate interest, liquidity, and usage index calculations.

Vulnerability Details

The following functions are affected:

ReserveLibrary::updateReserveInterests

ReserveLibrary::calculateLiquidityIndex

ReserveLibrary::calculateLinearInterest

ReserveLibrary::calculateUsageIndex

ReserveLibrary::calculateBorrowRate

ReserveLibrary::calculateLiquidityRate

RToken::calculateDustAmount

RToken::mint

RToken::burn

These functions divide values (e.g., by SECONDS_PER_YEAR or 1e27) before multiplying, causing truncation and precision loss. This is critical for large Ray values (1e27).

POC

Example 1: calculateLinearInterest

Assumptions:

  • cumulatedInterest = 1e27 (1 Ray)

  • SECONDS_PER_YEAR = 31536000

  • timeDelta = 1 second

Current Logic:

  1. Divide first: 1e27 / 31536000 ≈ 3.17e19

  2. Multiply: 3.17e19 * 1 = 3.17e19 (loses precision)

Correct Logic:

  1. Multiply first: 1e27 * 1 = 1e27

  2. Then divide: 1e27 / 31536000 ≈ 3.17e19 (more accurate)

Example 2: calculateBorrowRate

Assumptions:

  • excessUtilization = 1e25 (0.01 Ray)

  • rateSlope = 1e27 (1 Ray)

  • maxExcessUtilization = 1e27 (1 Ray)

Current Logic:

  1. excessUtilization.rayMul(rateSlope): (1e25 * 1e27) / 1e27 = 1e25

  2. Then rayDiv(maxExcessUtilization): (1e25 * 1e27) / 1e27 = 1e25

  3. Issue: Small values lose precision due to sequential divisions.

Example 3: calculateLiquidityRate (Cumulative Loss)

Assumptions:

  • a = 1e26

  • b = 1e26

  • c = 1e26

Current Logic:

  1. First rayMul: (1e26 * 1e26) / 1e27 = 1e25

  2. Second rayMul: (1e25 * 1e26) / 1e27 = 1e24 (significant loss)

Correct Logic:

  1. Multiply first: (1e26 * 1e26 * 1e26) / (1e27 * 1e27)

  2. Simplifies to: 1e26 / 1e27 = 1e-1

  3. Issue: In integer math, this could floor to 0, losing precision.

Impact

Inaccurate interest rates (over/undercharged).
Incorrect liquidity and usage indices, destabilizing reserves.
Financial losses for users and the protocol.

Tools Used

Manual Review

Recommendations

  • Multiply before dividing to preserve precision.

  • Minimize sequential rayMul/rayDiv operations.

  • For calculateLinearInterest, multiply cumulatedInterest by timeDelta before dividing by SECONDS_PER_YEAR.

  • For calculateBorrowRate, rearrange to reduce division impact.

  • For calculateLiquidityRate, combine multiplications before divisions.

Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Too generic

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!