code-423n4 / 2021-04-vader-findings


Incorrect AsymmetricShare calculation in Utils.sol #243

Closed code423n4 closed 3 years ago

code423n4 commented 3 years ago

Handle

0xRajeev

Vulnerability details

Impact

The calcAsymmetricShare() function is supposed to calculate the numerator as: share = (u * U * (2 * A^2 - 2 * U * u + U^2)) / U^3, which can be considered as (part1 * (part2 - part3 + part4)) / part5 according to the code comments. However, the formulae for part1, part2 and part4 are incorrect. Instead of part1 being uU it is uA, part2 being 2AA it is 2UU and part4 being UU it is uu. This incorrect calculation affects the collateral value in base calculations used in lending and will lead to incorrect accounting. Protocol will break and funds will be lost.

Proof of Concept

https://github.com/code-423n4/2021-04-vader/blob/3041f20c920821b89d01f652867d5207d18c8703/vader-protocol/contracts/Utils.sol#L266-L276

https://github.com/code-423n4/2021-04-vader/blob/3041f20c920821b89d01f652867d5207d18c8703/vader-protocol/contracts/Utils.sol#L157

Tools Used

Manual Analysis

Recommended Mitigation Steps

Fix the formulae used in the calculation as per code comments.
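Added illustration, not part of the report above and not code from the Vader repository: a small Python model of the two formulas the report contrasts, the one written in the code comment (part1 = uU, part2 = 2AA, part4 = UU) and the one the report says the code actually computes (part1 = uA, part2 = 2UU, part4 = uu). Both are evaluated with Solidity-style integer arithmetic: floor division, and a checked subtraction that raises on underflow to stand in for a SafeMath-style revert. That left-to-right evaluation order and the revert behaviour are assumptions made for the model, not something the report states, and the input values are constructed.

```python
"""Model of the two calcAsymmetricShare() formulas discussed in the report.

Symbols follow the report: u is the units being removed, U the total units,
A the asset balance. Arithmetic mimics uint256 + SafeMath (assumption):
no negative intermediates, floor division at the end.
"""


def _checked_sub(a: int, b: int) -> int:
    """SafeMath-style subtraction: revert (raise) on underflow."""
    if b > a:
        raise ValueError("underflow: SafeMath sub would revert")
    return a - b


def documented_share(u: int, U: int, A: int) -> int:
    """Formula from the code comment: (u*U*(2*A^2 - 2*U*u + U^2)) / U^3."""
    part1 = u * U
    part2 = 2 * A * A
    part3 = 2 * U * u
    part4 = U * U
    part5 = U * U * U
    inner = _checked_sub(part2, part3) + part4
    return (part1 * inner) // part5


def implemented_share(u: int, U: int, A: int) -> int:
    """Formula the report says the code implements:
    (u*A*(2*U^2 - 2*U*u + u^2)) / U^3, i.e. part1=uA, part2=2UU, part4=uu."""
    part1 = u * A
    part2 = 2 * U * U
    part3 = 2 * u * U
    part4 = u * u
    part5 = U * U * U
    inner = _checked_sub(part2, part3) + part4
    return (part1 * inner) // part5


def compare(u: int, U: int, A: int) -> dict:
    """Evaluate both formulas on the same input.

    Returns {'documented': x, 'implemented': y}; a value of None means the
    modelled SafeMath subtraction would have reverted for that formula.
    """
    out = {}
    for name, fn in (("documented", documented_share),
                     ("implemented", implemented_share)):
        try:
            out[name] = fn(u, U, A)
        except ValueError:
            out[name] = None
    return out


if __name__ == "__main__":
    # Constructed inputs: remove 10% of units, then all units, from a pool
    # holding 1000 units against 500 asset.
    for u, U, A in ((100, 1000, 500), (1000, 1000, 500)):
        print(f"u={u} U={U} A={A} -> {compare(u, U, A)}")
```

With the constructed inputs the two formulas give 130 versus 90 for a partial removal, and for a full removal (u == U) the commented formula cannot even be evaluated under checked arithmetic because 2A^2 is smaller than 2Uu, while the implemented formula returns exactly A. The model only makes the disagreement between comment and code concrete; which side is the intended one is the question raised in the linked issue #214.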

strictly-scarce commented 3 years ago

https://github.com/code-423n4/2021-04-vader-findings/issues/214

dmvt commented 3 years ago

duplicate of #214