Open code423n4 opened 2 years ago
certora
division is rounded down so users pay less than they should. https://github.com/code-423n4/2021-12-amun/blob/main/contracts/basket/contracts/facets/Basket/BasketFacet.sol#L163 It's better to use mulDivRoundingUp when calculation user's debt, so the rounding error will be in favor the system. example from uniswap: https://github.com/Uniswap/v3-core/blob/main/contracts/UniswapV3Pool.sol#L800
mulDivRoundingUp
use mulDivRoundingUp from FullMath.sol: https://github.com/Uniswap/v3-core/blob/main/contracts/libraries/FullMath.sol
Handle
certora
Vulnerability details
division is rounded down so users pay less than they should. https://github.com/code-423n4/2021-12-amun/blob/main/contracts/basket/contracts/facets/Basket/BasketFacet.sol#L163 It's better to use
mulDivRoundingUpwhen calculation user's debt, so the rounding error will be in favor the system. example from uniswap: https://github.com/Uniswap/v3-core/blob/main/contracts/UniswapV3Pool.sol#L800Recommended Mitigation Steps
use
mulDivRoundingUpfrom FullMath.sol: https://github.com/Uniswap/v3-core/blob/main/contracts/libraries/FullMath.sol