Submission Details
Impact:
Likelihood:
Precision Loss Risk Due to Integer Division in collateralToWithdraw
Author Revealed upon completion
Precision Loss Risk Due to Integer Division in collateralToWithdraw
Description:
The calculation:
uint256 collateralToWithdraw = (...) / (...);
uses Solidity integer division, which truncates values and can introduce precision loss.
Impact:
May under- or overestimate collateral withdrawal, potentially:
Causing insufficient swap output → transaction revert
Withdrawing excess collateral → suboptimal financial outcome
Recommended Mitigation:
Use full-precision multiplication/division via Math.mulDiv:
+ import {Math} from "@openzeppelin/contracts/utils/math/Math.sol";
+ uint256 collateralToWithdraw = Math.mulDiv(
+ _amount * debtTokenPrice * LTV_PRECISION,
+ 10 ** IERC20(unwindParams.collateralToken).decimals(),
+ collateralTokenPrice * (10 ** IERC20(_asset).decimals()) * liqThreshold,
+ Math.Rounding.Ceil
+ );
Rewards breakdown
nSLOC
356This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.
Rewards Distribution
The contest is complete and the rewards are being distributed.