This repository has been archived by the owner on Dec 31, 2023. It is now read-only.
PRAISE - possible precision loss in D3VaultLiquidation.finishLiquidation() function when calculating realDebt because of division before multiplication #45
Labels
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
Medium
A valid Medium severity issue
Reward
A payout will be made for this issue
Will Fix
The sponsor confirmed this issue will be fixed
Comments
github-actions
bot
added
Medium
This was referenced Jul 5, 2023
Closed
|
Doesn't address this issue. Though precision loss is very minimal given the decimal math utilized. Optional change here |
|
There is another fix for this issue. We realised the last one does not work: https://github.com/DODOEX/new-dodo-v3/pull/54/files |
|
Fix looks good. Creates the _borrowAmount function which fixes the order of operations |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
PRAISE
medium
possible precision loss in D3VaultLiquidation.finishLiquidation() function when calculating realDebt because of division before multiplication
Summary
finishLiquidation() divides before multiplying when calculating realDebt.
Vulnerability Detail
There will be precision loss when calculating the realDebt because solidity truncates values when dividing and dividing before multiplying causes precision loss.
Values that suffered from precision loss will be updated here
Impact
Values that suffered from precision loss will be updated here
Code Snippet
https://github.com/sherlock-audit/2023-06-dodo/blob/main/new-dodo-v3/contracts/DODOV3MM/D3Vault/D3VaultLiquidation.sol#L144
https://github.com/sherlock-audit/2023-06-dodo/blob/main/new-dodo-v3/contracts/DODOV3MM/D3Vault/D3VaultLiquidation.sol#L147
Tool used
Manual Review
Recommendation
don't divide before multiplying
The text was updated successfully, but these errors were encountered: