code-423n4 / 2022-06-infinity-findings


DIVISION BEFORE MULTIPLICATION CAN LEAD TO LEAK OF VALUE #301

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Lines of code

https://github.com/code-423n4/2022-06-infinity/blob/765376fa238bbccd8b1e2e12897c91098c7e5ac6/contracts/core/InfinityExchange.sol#L1162-L1163

Vulnerability details

DIVISION BEFORE MULTIPLICATION CAN LEAD TO LEAK OF VALUE

Division before multiplication can lead to a loss of precision, as Solidity integer division may truncate. For Dutch and reverse Dutch auctions, this can result in the wrong price being returned from _getCurrentPrice().

Impact

Medium

Proof Of Concept

InfinityExchange.sol

In _getCurrentPrice(), when elapsedTime < duration:

Tools Used

Manual Analysis

Recommended Mitigation Steps

Replace

uint256 portionBps = elapsedTime > duration ? PRECISION : ((elapsedTime * PRECISION) / duration);
priceDiff = (priceDiff * portionBps) / PRECISION;

with

// priceDiff is assigned, not redeclared, matching the line it replaces
priceDiff = elapsedTime > duration ? priceDiff : (elapsedTime * priceDiff / duration);

HardlyDifficult commented 2 years ago

See https://github.com/code-423n4/2022-06-infinity-findings/issues/255#issuecomment-1179564303

Merging with the warden's QA report #299
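
Added example (not part of the original report or the Infinity code base): a Python integer model of the two snippets quoted in the report, using `//` to truncate the way Solidity `uint256` division does. The value of `PRECISION`, the `current_price` wrapper, `worst_case` and the auction parameters are constructed assumptions for illustration.

```python
# Added example: integer model of the two snippets quoted in the report.
# Python's // truncates non-negative ints the same way Solidity uint256 division does.
PRECISION = 10**4  # name from the quoted snippet; the value (basis points) is assumed


def diff_two_step(price_diff, elapsed, duration):
    """Quoted 'Replace' code: divide down to bps first, then multiply."""
    portion_bps = PRECISION if elapsed > duration else (elapsed * PRECISION) // duration
    return (price_diff * portion_bps) // PRECISION


def diff_one_step(price_diff, elapsed, duration):
    """Quoted 'with' code: multiply first, divide once."""
    return price_diff if elapsed > duration else (elapsed * price_diff) // duration


def current_price(start, end, elapsed, duration, diff_fn):
    """Assumed wrapper: Dutch auctions fall from start, reverse Dutch rise from it."""
    diff = diff_fn(abs(start - end), elapsed, duration)
    return start - diff if start > end else start + diff


def worst_case(start, end, duration):
    """Scan every second of the auction; return (largest price gap in wei, elapsed)."""
    worst = (0, 0)
    for t in range(duration + 1):
        a = current_price(start, end, t, duration, diff_two_step)
        b = current_price(start, end, t, duration, diff_one_step)
        worst = max(worst, (abs(a - b), t))
    return worst


if __name__ == "__main__":
    ETH = 10**18
    start, end, duration = 10 * ETH, 1 * ETH, 86_400  # constructed: 10 -> 1 ETH over one day
    for t in (1, 8, 9, 43_200, 86_400):
        a = current_price(start, end, t, duration, diff_two_step)
        b = current_price(start, end, t, duration, diff_one_step)
        print(f"t={t:>6}s two-step={a} one-step={b} gap={a - b} wei")
    gap, t = worst_case(start, end, duration)
    # The two-step result can lag by just under price_diff / PRECISION.
    print(f"worst gap {gap} wei at t={t}s, bound {(start - end) // PRECISION} wei")
```

In this model the two-step offset is never larger than the one-step offset, and the difference stays within `priceDiff / PRECISION` (0.0009 ETH for these constructed values).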