code-423n4 / 2021-09-wildcredit-findings


Truncated math in `interestRatePerBlock` #46

Open code423n4 opened 3 years ago

code423n4 commented 3 years ago

Handle

cmichel

Vulnerability details

The `InterestRateModel.interestRatePerBlock` function computes the utilization with an early division by the total supply.

This leads to a loss of precision of that variable.

Impact

The utilization ratio is less accurate than it could be.

Recommendation

Generally, it is recommended to do all multiplication before any divisions. One could compute `uint256 utilization = _totalDebt * 100e18 * 100e18 / _totalSupply / targetUtilization` instead and get a higher precision.

talegift commented 3 years ago

It's a good practice, we'll implement it and keep the current calculation as a comment for better clarity.

But I don't see a risk in this as the current calculation already multiplies debt by 100e18 to increase precision. Consider lowering severity to 0.

ghoul-sol commented 3 years ago

best practice, non-critical
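
Added example (not part of the thread or of the project's code): a Python model of the two calculations discussed above, with integer floor division standing in for `uint256` math, to measure how much the early division drops and what the multiply-first form costs in overflow headroom. The early-division form is an assumed reconstruction from the issue text, and `TARGET` and the sample inputs are constructed values.

```python
# Added example: models Solidity uint256 math with Python ints and floor division.
UINT256_MAX = 2**256 - 1
SCALE = 100 * 10**18   # 100e18, the factor named in the issue
TARGET = 80 * 10**18   # constructed sample targetUtilization (assumption)


def _u256(x: int) -> int:
    """Model checked uint256 arithmetic: fail instead of wrapping."""
    if not 0 <= x <= UINT256_MAX:
        raise OverflowError("value does not fit in uint256")
    return x


def utilization_early_div(debt: int, supply: int, target: int = TARGET) -> int:
    """Assumed shape of the reported code: divide by supply, then rescale."""
    ratio = _u256(debt * SCALE) // supply   # truncation happens here...
    return _u256(ratio * SCALE) // target   # ...and is then scaled up


def utilization_mul_first(debt: int, supply: int, target: int = TARGET) -> int:
    """Form recommended in the issue: all multiplications before any division."""
    numerator = _u256(_u256(debt * SCALE) * SCALE)
    return numerator // supply // target


def precision_loss(debt: int, supply: int, target: int = TARGET) -> int:
    """Units (at 100e18 scale) the early division drops versus multiply-first."""
    return (utilization_mul_first(debt, supply, target)
            - utilization_early_div(debt, supply, target))


def loss_bound(target: int = TARGET) -> int:
    """Upper bound on precision_loss: ceil(SCALE / target)."""
    return -(-SCALE // target)


def max_debt_mul_first() -> int:
    """Largest debt whose multiply-first numerator still fits in uint256."""
    return UINT256_MAX // (SCALE * SCALE)


if __name__ == "__main__":
    # Constructed sample inputs: (totalDebt, totalSupply)
    for debt, supply in [(1, 3), (2, 3), (10**18, 3 * 10**18)]:
        print(debt, supply, utilization_early_div(debt, supply),
              utilization_mul_first(debt, supply), precision_loss(debt, supply))
    print("loss bound:", loss_bound(), "max debt:", max_debt_mul_first())
```

With this sample target the early division drops at most 2 units at the 100e18 scale, while the multiply-first form lowers the largest debt that fits in `uint256` to roughly 1.16e37.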