You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Dec 31, 2023. It is now read-only.
sherlock-admin opened this issue
Jul 1, 2023
· 0 comments
Labels
DuplicateA valid issue that is a duplicate of an issue with `Has Duplicates` labelMediumA valid Medium severity issueRewardA payout will be made for this issue
Now normal maths will have 5000 / 7 which will give 714.2857142857 then multiplying it by 5 = 3571.4285714285
But in solidity when we do 5000/7 we'll have 714 and not 714.285714285 because solidity truncates values when dividing, then multiplying by 5 we'll have 3570 instead of 3571.4285714285.
In the above instance there's a loss of about 1.428571428500163
Impact
precision loss when calculating borrows in D3VaultLiquidation.liquidate()
it might affect the require statement below it making it to revert in a situation where user puts his exact record.amount as debtToCover when calling D3VaultLiquidation.liquidate()
Sign up for freeto subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Labels
DuplicateA valid issue that is a duplicate of an issue with `Has Duplicates` labelMediumA valid Medium severity issueRewardA payout will be made for this issue
PRAISE
high
possible precision loss when calculating
borrows
in D3VaultLiquidation.liquidate() because of division before multiplicationSummary
D3VaultLiquidation.liquidate() divides before multiplying when calculating
borrows
Vulnerability Detail
please take a look at the snippet below
--- record.amount is divided by 1e18 if record.interestIndex == 0 or by record.interestIndex if it's != 0, then it's multiplied by info.borrowIndex
lets say:
record.amount = 5000,
record.interestIndex = 7,
record.borrowIndex = 5,
Now normal maths will have 5000 / 7 which will give 714.2857142857 then multiplying it by 5 = 3571.4285714285
But in solidity when we do 5000/7 we'll have 714 and not 714.285714285 because solidity truncates values when dividing, then multiplying by 5 we'll have 3570 instead of 3571.4285714285.
In the above instance there's a loss of about 1.428571428500163
Impact
precision loss when calculating
borrows
in D3VaultLiquidation.liquidate()it might affect the require statement below it making it to revert in a situation where user puts his exact record.amount as debtToCover when calling D3VaultLiquidation.liquidate()
because of the precision loss the borrows calculated will loss precision and be lesser than debtToCover.
Code Snippet
https://github.com/sherlock-audit/2023-06-dodo/blob/main/new-dodo-v3/contracts/DODOV3MM/D3Vault/D3VaultLiquidation.sol#L53-L54
Also here
https://github.com/sherlock-audit/2023-06-dodo/blob/main/new-dodo-v3/contracts/DODOV3MM/D3Vault/D3VaultFunding.sol#L99
Tool used
Manual Review
Recommendation
look for a more efficient way to calculate borrows but don't divide before multiplying so as to avoid precision loss
Duplicate of #45
The text was updated successfully, but these errors were encountered: