1. Summary

• Severity: Low

• Category: Data Validation/Precision

• Impact: Integration complexity and potential calculation errors

• Likelihood: Medium

2. Affected Code

• Contract: ScrvusdOracleV2.vy

• Variables: MAX_BPS_EXTENDED, max_price_increment

• Lines: 42, 73

3. Vulnerability Details

Root Cause

The contract uses different precision standards across its calculations:

• MAX_BPS_EXTENDED uses 10^12 precision (1e12)

• max_price_increment uses 10^18 precision (1e18)

• Price calculations mix these precisions in various functions

Impact Scenarios

1. Integration errors when other contracts assume consistent precision

2. Potential for calculation errors in price adjustments

3. Increased complexity in contract maintenance

4. Higher gas costs due to additional precision conversions

4. Proof of Concept (PoC)

5. Recommended Fix

Option 1: Standardize to 18 Decimals

Option 2: Add Precision Constants

6. Severity Justification

Rated as Low severity because:

1. No direct security vulnerability

2. Calculations remain mathematically correct

3. Impact limited to integration complexity

4. Documentation notes precision differences

However, standardization would improve:

• Code maintainability

• Integration reliability

• Gas efficiency

• Readability

7. Recommended Best Practices

1. Use consistent precision throughout the system

2. Document precision requirements clearly

3. Add helper functions for precision conversions

4. Include precision checks in tests

5. Consider standard industry practices (18 decimals)