Open code423n4 opened 2 years ago
While this is technically true, the actual precision loss should be very negligible.
I think any precision loss or value leakage qualifies for a medium severity issue. This seems like it would lead to an inconsistent fee calculation and is probably worthwhile fixing long-term.
Handle
gzeon
Vulnerability details
Impact
The fee calculation
tries to calculate a fee such that fee/(supply+fee) = %fee using a simple interest formula (i.e. no compounding). This leads to slightly less fee collected when fees are collected more frequently (small timeDiff) vs. less frequently (big timeDiff).
Proof of Concept
https://github.com/code-423n4/2021-12-defiprotocol/blob/205d3766044171e325df6a8bf2e79b37856eece1/contracts/contracts/Basket.sol#L133
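The effect described in the report can be reproduced with an integer model of the stated relation fee/(supply+fee) = %fee. This is an added example, not code from the report or from Basket.sol; the constants `ONE_YEAR` and `BASE`, the function names, the 1% yearly rate and the assumption that each fee is minted into the supply are all illustrative.

```python
# Model of a linear (simple-interest) fee where fee / (supply + fee) == fee_pct.
# All names and constants below are assumptions made for this illustration.

ONE_YEAR = 365 * 24 * 3600   # seconds in a year (assumed)
BASE = 10**18                # fixed-point scale for percentages (assumed)


def fee_for_period(supply: int, time_diff: int, license_fee: int) -> int:
    """Fee for one collection, using floor division as on-chain integer math does."""
    fee_pct = time_diff * license_fee // ONE_YEAR      # linear in elapsed time
    # Solve fee / (supply + fee) = fee_pct / BASE for fee.
    return supply * fee_pct // (BASE - fee_pct)


def total_fee(supply: int, license_fee: int, collections: int) -> int:
    """Total fee minted over one year when it is collected `collections` times.

    Each collected fee is assumed to be minted, so it enlarges the supply
    that the next collection is computed on.
    """
    step = ONE_YEAR // collections
    minted = 0
    for _ in range(collections):
        minted += fee_for_period(supply + minted, step, license_fee)
    return minted


def compare(supply: int = 10**24, license_fee: int = 10**16) -> dict:
    """Yearly fee for one, daily and hourly collections (constructed inputs)."""
    return {
        "once": total_fee(supply, license_fee, 1),
        "daily": total_fee(supply, license_fee, 365),
        "hourly": total_fee(supply, license_fee, 8760),
    }


if __name__ == "__main__":
    result = compare()
    for label, fee in result.items():
        shortfall = result["once"] - fee
        print(f"{label:>6}: fee={fee} shortfall_vs_once={shortfall}")
```

With these inputs the shortfall between one collection and daily collection is about 0.5% of the yearly fee, which gives a sense of scale for the severity discussion above.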