search

code-423n4 / 2023-08-shell-findings

4 stars 2 forks source link

_getUtility function may be vulnerable to precision loss #274

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-08-shell/blob/c61cf0e01bada04c3d6055acb81f61955ed600aa/src/proteus/EvolvingProteus.sol#L712-L718

Vulnerability details

Impact

When calculating r0 and r1 in the _getUtility function precision loss may occur due to the use of the standard devision operator / instead of the devision functions of ABDKMath64x64. As the other values in the equation make use of the library's methods if the absolute value of the divisor is larger than the divident than the utility may be equal to zero.

Proof of Concept

int256 r0 = (-bQuad*MULTIPLIER + disc*MULTIPLIER) / aQuad.mul(two).muli(MULTIPLIER);
int256 r1 = (-bQuad*MULTIPLIER - disc*MULTIPLIER) / aQuad.mul(two).muli(MULTIPLIER);

Tools Used

Manual review

Recommended Mitigation Steps

Use ABDKMath64x64's division functions to prevent precision loss.

Assessed type

Math

c4-pre-sort commented 1 year ago

0xRobocop marked the issue as primary issue

c4-pre-sort commented 1 year ago

0xRobocop marked the issue as low quality report

c4-judge commented 1 year ago

JustDravee marked the issue as unsatisfactory: Insufficient proof