Open c4-submissions opened 9 months ago
0xleastwood marked the issue as primary issue
0xleastwood marked the issue as selected for report
elmutt (sponsor) confirmed
@0xleastwood, Just wanna understand the impact behind this issue. Is it possible to run into the case, where the leftover will be more than a small delta == 1wei
? Even if we somehow make the calculations over the prime numbers, it might not be feasible, but prob I'm missing something here.
The invariant is not broken(e.g user funds are 100% allocated between strategies)
Yes it would be. We have two calculations sValue = (amount * ratio) / 1e18
and vValue = (amount * (1e18 - ratio)) / 1e18
and sValue + vValue
will most likely not equal the full amount passed as msg.value
. Not sure to what extent there would be rounding but it would be at least 1 wei. If we know what the cap might be, I'm not opposed to downgrading this.
Okay tested this out a bit, it appears rounding is capped at 1 wei.
Downgrading to QA because this is super minor.
0xleastwood marked the issue as not selected for report
0xleastwood changed the severity to QA (Quality Assurance)
Thanks for flagging this.
Lines of code
https://github.com/code-423n4/2023-09-asymmetry/blob/main/contracts/AfEth.sol#L160
Vulnerability details
Summary
The logic used to split the deposit amount between SafEth and the Votium strategy can leave some leftovers that will be ignored by the implementation.
Impact
Deposits in the AfEth contract are split based on a configured
ratio
. One portion of the split goes to SafEth, while the other is deposited in the Votium strategy.To calculate the split, the implementation multiplies the deposit amount by
ratio
for the SafEth portion, and the deposit amount by1e18 - ratio
for the VotingStrategy portion.https://github.com/code-423n4/2023-09-asymmetry/blob/main/contracts/AfEth.sol#L148-L169
Because of rounding and limited precision integer math, the split could potentially not cover the entirety of the deposit, i.e.
sValue + vValue != amount
. There could be some leftovers from both calculations that won't be considered in the deposit.Recommendation
Instead of calculating
vValue
using1e18 - ratio
, simply use difference between the deposited amount and the calculated SafEth amount (sValue
).Assessed type
Other