Closed code423n4 closed 1 year ago
0xRobocop marked the issue as primary issue
0xRobocop marked the issue as sufficient quality report
There was a typo in the comment and we pinned that in the public audit channel https://discord.com/channels/810916927919620096/1141369345340080209/1143958635047829534 during the audit.
viraj124 (sponsor) disputed
JustDravee marked the issue as unsatisfactory: Invalid
Lines of code
https://github.com/code-423n4/2023-08-shell/blob/main/src/proteus/EvolvingProteus.sol#L175
Vulnerability details
Impact
The MIN_PRICE_VALUE variable is being calculated based on 10^10 instead of the intended 10^12. As a result, the MIN_PRICE_VALUE will be lower than expected with 2 decimal places precision, potentially allowing px_init and px_final to be set lower than the MIN_PRICE_VALUE.
Proof of Concept
A code PoC demonstrates the issue by calculating MIN_PRICE_VALUE with both 10^10 and 10^12:
The expected result for the second function should be 18446744073709 (10^12 in wei), but the current code implementation results in 184467440737 (10^10 in wei).
Tools Used
Recommended Mitigation Steps
We recommend updating the variable as follows:
Assessed type
Error
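How the two constants quoted in the report map to wei amounts, as an added example that is not part of the original report or the project's code. It assumes each constant is a 64.64 fixed-point encoding of a price expressed as a fraction of 1e18 wei; the function names, the lower-bound check and the sample price are constructed for illustration.

```python
# Added example (not from the report or the project's code).
# Assumption: a price constant is a 64.64 fixed-point encoding of
# (amount in wei) / 1e18, truncated the way integer division truncates.

ONE_64X64 = 1 << 64        # 1.0 in 64.64 fixed point
WEI_PER_UNIT = 10**18      # 18-decimal base unit


def wei_to_64x64(wei: int) -> int:
    """Encode wei / 1e18 as a raw 64.64 integer (rounds toward zero)."""
    return (wei * ONE_64X64) // WEI_PER_UNIT


def implied_wei_exponent(raw: int):
    """Return n if raw is the encoding of 10**n wei (0 <= n <= 18), else None."""
    for n in range(19):
        if wei_to_64x64(10**n) == raw:
            return n
    return None


def audit_constant(raw: int, documented_exponent: int) -> dict:
    """Compare a hard-coded constant with the power of ten its comment claims."""
    return {
        "raw": raw,
        "documented": documented_exponent,
        "implied": implied_wei_exponent(raw),
        "matches": wei_to_64x64(10**documented_exponent) == raw,
    }


def price_allowed(price_raw: int, min_raw: int) -> bool:
    """Hypothetical lower-bound check: a price must not be below the minimum."""
    return price_raw >= min_raw


if __name__ == "__main__":
    # The two values quoted in the report.
    for raw in (184467440737, 18446744073709):
        print(audit_constant(raw, documented_exponent=12))
    # Constructed sample price of 5 * 10^10 wei.
    px = wei_to_64x64(5 * 10**10)
    print(price_allowed(px, 184467440737), price_allowed(px, 18446744073709))
```

Running the same comparison against a constant and the exponent named in its comment is a quick review check for any hard-coded fixed-point threshold.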