code-423n4 / 2022-12-Stealth-Project-findings


Division before multiplication causing significant loss of precision #43

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2022-12-Stealth-Project/blob/main/maverick-v1/contracts/libraries/BinMath.sol#L115-L118

Vulnerability details

Impact

Because ratio first divides and then multiplies again, there is a significant loss of precision.


maverick-v1/contracts/libraries/BinMath.sol:
  114          if (tick & 0x40000 != 0) ratio = (ratio * 0x2216e584f630389b2052b8db590e) >> 128;
  115:         if (_tick > 0) ratio = type(uint256).max / ratio;
  116:         uint256 result = (ratio * PRBMathUD60x18.SCALE) >> 128;
  117: 
  118:         return result;
  119      }

Tools Used

Manual code review

Recommended Mitigation Steps

Multiply first before dividing to keep the precision.

kirk-baird commented 1 year ago

This issue is not well explained and doesn't make sense.

c4-judge commented 1 year ago

kirk-baird marked the issue as unsatisfactory: Invalid
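
Added example (not part of the issue thread or the project's code): a Python model of lines 115-116 that measures how far the result lands from the unrounded value, and what a literal multiply-first reordering does in uint256. It assumes checked uint256 arithmetic and a Q128 `ratio`; the function names and sample ratios are constructed for illustration, except the constant taken from line 114.

```python
from fractions import Fraction

UINT256_MAX = 2**256 - 1
SCALE = 10**18  # value of PRBMathUD60x18.SCALE (18 decimals)

def checked_mul(a: int, b: int) -> int:
    """uint256 multiply that fails on overflow (assumed checked arithmetic)."""
    p = a * b
    if p > UINT256_MAX:
        raise OverflowError("uint256 overflow")
    return p

def as_written(ratio: int) -> int:
    """Lines 115-116 for _tick > 0: invert the Q128 ratio, then scale to 18 decimals."""
    inverted = UINT256_MAX // ratio
    return checked_mul(inverted, SCALE) >> 128

def multiply_first(ratio: int) -> int:
    """Literal reordering: scale before dividing. The product cannot fit in uint256."""
    return (checked_mul(UINT256_MAX, SCALE) // ratio) >> 128

def exact(ratio: int) -> Fraction:
    """Unrounded value of (2^128 / ratio) * SCALE."""
    return Fraction(2**128 * SCALE, ratio)

def rounding_error(ratio: int) -> Fraction:
    """Exact value minus the modelled result, in units of 1e-18."""
    return exact(ratio) - as_written(ratio)

# Constructed sample inputs: Q128 ratios below 1.0; the last is the constant on line 114.
SAMPLES = [2**128 // 3, 2**128 * 9999 // 10000, 0x2216e584f630389b2052b8db590e]

if __name__ == "__main__":
    for r in SAMPLES:
        print(hex(r), as_written(r), float(rounding_error(r)))
```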