The above formula amount * StableCoinBalance / 10**18 maybe have the possibility of precision loss
and StableCoinBalance as usdc's decimals == 6
It is recommended to use redeemAmount = amount * StableCoinBalance / totalSupply
Test code:
function test_precision() external {
uint256 stableCoin = 1_000_000;
uint256 totalSupply = 10_000_000_000;
uint256 amount = totalSupply;
uint256 old = (amount * stableCoin/10**18) * 10**18 / totalSupply;
uint256 new_ = amount * stableCoin / totalSupply;
console.log("old formula result :",old);
console.log("new formula result:",new_);
}
forge test --match test_precision -vvv
[PASS] test_precision() (gas: 4632)
Logs:
old formula result : 0
new formula result : 1000000
Test result: ok. 1 passed; 0 failed; finished in 917.24µs
Lines of code
https://github.com/code-423n4/2023-02-kuma/blob/3f3d2269fcb3437a9f00ffdd67b5029487435b95/src/kuma-protocol/KUMASwap.sol#L309-L310
Vulnerability details
Impact
Unnecessary precision loss in redeemKIBT()
Proof of Concept
If enter Deprecated mode, user can switch back to StableCoin by percentage with redeemKIBT()
The redeemKIBT() implementation code is as follows:
Simplify the formula:
The above formula
amount * StableCoinBalance / 10**18
maybe have the possibility of precision loss and StableCoinBalance as usdc's decimals == 6It is recommended to use
redeemAmount = amount * StableCoinBalance / totalSupply
Test code:
Tools Used
Recommended Mitigation Steps