Inadequate Precision Handling in The `_raw_price` function
Summary
The _raw_price function in the scrvUSD Oracle uses integer division, discarding fractional values during price calculations. Over time, repeated truncations accumulate, causing gradual price inaccuracies.
Repeated integer truncation in _raw_price causes cumulative price drift.
Vulnerability Details
Code Location:
Root Cause:
-
Integer Truncation: The calculation
(total_assets * 1e18) // total_supplydiscards the remainder, losing precision. -
Example:
total_assets = 1000.5,total_supply = 2→(1000.5 * 1e18) // 2 = 500.25e18(truncated to500e18).Cumulative error after 100 updates:
25e18 * 100 = 2500e18(0.25% inaccuracy).
Impact
Direct Impact: Price Drift: Persistent truncation errors distort scrvUSD prices, deviating from true values by ~0.1–1% annually.
-> (Slow exploitation, but economically impactful over time).
Tools Used
Recommendations
-
Increase Precision:
-
Scale calculations to
1e27to minimize truncation losses:python
return (self._total_assets(parameters) * 10**27) / self._total_supply(...)
-
Lead Judging Commences
[invalid] finding-precision-loss
All values will be scaled to a combined of 36 decimals before division (be it price-related values or totalSupply). Considering the 18 decimals of all values, no realistic values were presented in any duplicates to proof a substantial impact on precision loss.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.