code-423n4 / 2023-08-shell-findings


MIN_PRICE_VALUE is incorrect #227

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-08-shell/blob/main/src/proteus/EvolvingProteus.sol#L175

Vulnerability details

Impact

The MIN_PRICE_VALUE variable is being calculated based on 10^10 instead of the intended 10^12. As a result, the MIN_PRICE_VALUE will be lower than expected with 2 decimal places precision, potentially allowing px_init and px_final to be set lower than the MIN_PRICE_VALUE.

Proof of Concept

A code PoC demonstrates the issue by calculating MIN_PRICE_VALUE with both 10^10 and 10^12:

// Assumes ABDKMath64x64 is imported in the test contract. divu(x, y) returns
// x / y as a 64.64 fixed-point int128, i.e. floor((x << 64) / y).
function testMinPriceValueWith10() public pure returns (int256) {
    // 10^10 wei expressed in ether (1e18 wei), as 64.64 fixed point
    int256 MIN_P_V = ABDKMath64x64.divu(10**10, 1e18);
    return MIN_P_V; // 184467440737
}

function testMinPriceValueWith12() public pure returns (int256) {
    // 10^12 wei expressed in ether (1e18 wei), as 64.64 fixed point
    int256 MIN_P_V = ABDKMath64x64.divu(10**12, 1e18);
    return MIN_P_V; // 18446744073709
}

The expected result for the second function should be 18446744073709 (10^12 in wei), but the current code implementation results in 184467440737 (10^10 in wei).

    /**
     @notice
     The minimum price value calculated with abdk library equivalent to 10^12(wei)
    */
    int256 constant MIN_PRICE_VALUE = 184467440737;

Tools Used

Recommended Mitigation Steps

We recommend updating the variable as follows:

int256 constant MIN_PRICE_VALUE = 18446744073709;

Assessed type

Error
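An added check, not the warden's PoC or the project's code, that reproduces the ABDKMath64x64.divu() arithmetic in plain Python, assuming divu computes floor((x << 64) / y) for inputs this small, so both candidate constants and the wei price each one encodes can be verified offline:

```python
# Added example (not part of the submitted finding or the Shell Protocol code):
# reproduce the ABDKMath64x64.divu() computation behind MIN_PRICE_VALUE so the
# two candidate constants can be checked independently of the contract.

WAD = 10**18                 # 1e18, the denominator used in the PoC
INT128_MAX = 2**127 - 1

def divu(x: int, y: int) -> int:
    """Mirror ABDKMath64x64.divu for x < 2**192: unsigned x / y as a 64.64
    fixed-point value, i.e. floor((x << 64) / y), reverting on y == 0 or
    when the result does not fit in int128 (assumption: the library's
    large-x branch is not needed for the 10^10 / 10^12 inputs here)."""
    if y == 0:
        raise ZeroDivisionError("divu: y == 0")
    result = (x << 64) // y
    if result > INT128_MAX:
        raise OverflowError("divu: result does not fit in int128")
    return result

def min_price_value(numerator_wei: int) -> int:
    """MIN_PRICE_VALUE as the contract derives it: numerator_wei / 1e18 in 64.64."""
    return divu(numerator_wei, WAD)

def to_wei(fixed_64x64: int) -> int:
    """Convert a 64.64 fixed-point ether price back to wei (floor).
    Shows the small rounding loss the 64.64 truncation introduces."""
    return (fixed_64x64 * WAD) >> 64

def check_constant(declared: int) -> str:
    """Report which numerator (10^10 or 10^12) a declared constant encodes."""
    for exponent in (10, 12):
        if declared == min_price_value(10**exponent):
            return f"10^{exponent}"
    return "neither"

if __name__ == "__main__":
    deployed = 184467440737   # value declared in EvolvingProteus.sol
    print("divu(10**10, 1e18) =", min_price_value(10**10))
    print("divu(10**12, 1e18) =", min_price_value(10**12))
    print("deployed constant encodes", check_constant(deployed))
    print("deployed constant back in wei:", to_wei(deployed))
```

Running it shows the declared constant matches the 10^10 computation, which is consistent with the sponsor's position that the NatSpec comment, not the value, is the typo.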

c4-pre-sort commented 1 year ago

0xRobocop marked the issue as primary issue

c4-pre-sort commented 1 year ago

0xRobocop marked the issue as sufficient quality report

viraj124 commented 1 year ago

There was a typo in the comment, and we pinned that in the public audit channel https://discord.com/channels/810916927919620096/1141369345340080209/1143958635047829534 during the audit.

c4-sponsor commented 1 year ago

viraj124 (sponsor) disputed

c4-judge commented 1 year ago

JustDravee marked the issue as unsatisfactory: Invalid