code-423n4 / 2023-08-verwa-findings


Multiplication after Division error #14

Open code423n4 opened 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-08-verwa/blob/main/src/VotingEscrow.sol#L129-L136

Vulnerability details

Impact

There are a couple of instances of using the result of a division for multiplication, which can cause larger values of bias.

Proof of Concept

VotingEscrow.sol contains the following code at VotingEscrow.sol#L129-L136:

    if (_oldLocked.end > block.timestamp && _oldLocked.delegated > 0) {
        userOldPoint.slope = _oldLocked.delegated / int128(int256(LOCKTIME));
        userOldPoint.bias = userOldPoint.slope * int128(int256(_oldLocked.end - block.timestamp));
    }
    if (_newLocked.end > block.timestamp && _newLocked.delegated > 0) {
        userNewPoint.slope = _newLocked.delegated / int128(int256(LOCKTIME));
        userNewPoint.bias = userNewPoint.slope * int128(int256(_newLocked.end - block.timestamp));
    }

In the above case, the userOldPoint.slope value is calculated by dividing _oldLocked.delegated by int128(int256(LOCKTIME)).

Later, the userOldPoint.slope value is used to calculate the userOldPoint.slope by multiplying further, which makes the bias value or y-coordinate value bigger.

Tools Used

Manual

Recommended Mitigation Steps

First multiply all the numerators and then divide by the product of all the denominators.

Assessed type

Math
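Added example, not part of the original report or the veRWA code base: a Python model of the two operation orders for the quoted slope/bias lines, using integer division that truncates toward zero as Solidity does. `LOCKTIME = 1000` and the lock amounts are constructed sample values, and the function names are hypothetical.

```python
# Added illustration: models the quoted Solidity arithmetic with Python ints.
# LOCKTIME and SAMPLES are constructed values, not taken from the contract.

def sol_div(a: int, b: int) -> int:
    """Solidity-style signed division: truncates toward zero."""
    q = abs(a) // abs(b)
    return q if (a >= 0) == (b >= 0) else -q


def bias_divide_first(delegated: int, remaining: int, locktime: int) -> int:
    """Order used in the quoted lines: slope = delegated / LOCKTIME, then bias = slope * remaining."""
    slope = sol_div(delegated, locktime)
    return slope * remaining


def bias_multiply_first(delegated: int, remaining: int, locktime: int) -> int:
    """Order the report recommends: multiply the numerators, then divide once."""
    return sol_div(delegated * remaining, locktime)


def compare(delegated: int, remaining: int, locktime: int) -> dict:
    """Return both results, their difference, and the difference predicted from the remainder."""
    d = bias_divide_first(delegated, remaining, locktime)
    m = bias_multiply_first(delegated, remaining, locktime)
    # Write delegated = q*locktime + r. Then d = q*remaining and
    # m = q*remaining + floor(r*remaining/locktime), so the gap depends only on r.
    r = delegated % locktime
    return {
        "divide_first": d,
        "multiply_first": m,
        "gap": m - d,
        "predicted_gap": (r * remaining) // locktime,
    }


LOCKTIME = 1000  # constructed; kept small so the numbers are easy to read
SAMPLES = [
    (1_000_999, 400),  # remainder 999 is dropped before the multiplication
    (999, 400),        # amount below LOCKTIME: slope truncates to 0, so bias is 0
    (5_000, 1000),     # exact multiple of LOCKTIME: both orders agree
]

if __name__ == "__main__":
    for delegated, remaining in SAMPLES:
        print(delegated, remaining, compare(delegated, remaining, LOCKTIME))
```

For non-negative inputs the gap between the two orders is always smaller than `remaining`, measured in the token's smallest unit.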

c4-pre-sort commented 1 year ago

141345 marked the issue as primary issue

c4-pre-sort commented 1 year ago

141345 marked the issue as duplicate of #299

c4-judge commented 1 year ago

alcueca changed the severity to QA (Quality Assurance)

c4-judge commented 1 year ago

alcueca marked the issue as grade-a