Incorrect pricePerAsset() Calculation leads to incorrect price feeds for end users.
Summary and Vulnerability Details
The functions price_v0, price_v1, and price_v2 calculate pricePerAsset() as
1036 // _price_vX().
This is intended to represent the asset price relative to the share price. However, this calculation is only correct if the share price is normalized to 1018. It's not guaranteed that _price_vX() will always be in the range to give meaningful results with this division, especially as the price grows. It would be better to have a fixed value such as 10**18 and adjust the value of _price_vX() relative to this fixed value.
The flawed calculation of pricePerAsset() will directly impact the accuracy of the price oracle, leading to incorrect price feeds for consumers. It will not revert transactions but will provide wrong data.
POC:
Assume
_price_v0() (or v1, v2) returns 5 * 1018 (5x the normalized value).
**** pricePerAsset() becomes 1036 // (5 * 1018) = 2 * 1017, when it should be closer to 1018 / 5 = 2 * 1017. This indicates an inaccurate asset price in terms of shares. The precision of the calculation will be affected.
Impact
Impact: This flaw will lead to systematic mispricing of scrvUSD assets when users interact with pools using pricePerAsset(), causing impermanent loss and arbitrage opportunities against LPs, and affecting user trust.
Tools Used
Manual review
Recommendations
It would be better to have a fixed value such as 10**18 and adjust the value of _price_vX() relative to this fixed value.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.