code-423n4 / 2023-10-wildcat-findings


Precision Loss in Interest Rate Calculation #586

Closed c4-submissions closed 10 months ago

c4-submissions commented 10 months ago

Lines of code

https://github.com/code-423n4/2023-10-wildcat/blob/main/src/libraries/MathUtils.sol#L37

Vulnerability details

Impact

The calculateLinearInterestFromBips function is susceptible to precision loss when the accumulatedInterestRay is smaller than the constant SECONDS_IN_365_DAYS. The division operation can result in rounding down to zero, leading to incorrect interest rate calculations. This precision loss can have a significant impact on the accuracy of interest accrual, especially when dealing with small interest rates or short time intervals. Users may experience unexpected financial losses or gains due to inaccurate interest rate calculations. This can affect their overall financial position and potentially result in monetary losses.

Proof of Concept

function calculateLinearInterestFromBips(
  uint256 rateBip,
  uint256 timeDelta
) internal pure returns (uint256 result) {
  uint256 rate = rateBip.bipToRay();
  uint256 accumulatedInterestRay = rate * timeDelta;
  unchecked {
    return accumulatedInterestRay / SECONDS_IN_365_DAYS;
  }
}

Tools Used

Manual review

Recommended Mitigation Steps

Floating-Point Arithmetic: Use floating-point arithmetic or fixed-point representations with higher precision to perform the division, ensuring that precision is not lost.

Assessed type

Math
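
An added example, not part of the submission above or of the Wildcat code base: a Python model of the integer arithmetic in calculateLinearInterestFromBips that measures exactly how much the final division discards. It assumes bipToRay multiplies by 1e23 (1 bip = 1e-4, 1 ray = 1e27), that SECONDS_IN_365_DAYS is 31,536,000, and Solidity 0.8+ checked arithmetic; the Python helper names are hypothetical.

```python
from fractions import Fraction

# Assumptions (not taken from the page): ray = 1e27 fixed point, 1 bip = 1e-4,
# so bipToRay is modelled as multiplication by 1e23.
RAY = 10**27
BIP_RAY_RATIO = 10**23
SECONDS_IN_365_DAYS = 365 * 24 * 60 * 60  # 31_536_000
UINT256_MAX = 2**256 - 1


def calculate_linear_interest_from_bips(rate_bip: int, time_delta: int) -> int:
    """Integer model of the Solidity function quoted in the report."""
    rate = rate_bip * BIP_RAY_RATIO
    accumulated_interest_ray = rate * time_delta
    # rate * timeDelta sits outside `unchecked` in the quoted code, so an
    # overflow reverts (assumes Solidity 0.8+); model that as an exception.
    if accumulated_interest_ray > UINT256_MAX:
        raise OverflowError("uint256 overflow")
    return accumulated_interest_ray // SECONDS_IN_365_DAYS  # truncating division


def truncation_error(rate_bip: int, time_delta: int) -> Fraction:
    """Exact amount, in ray units, lost to rounding down."""
    exact = Fraction(rate_bip * BIP_RAY_RATIO * time_delta, SECONDS_IN_365_DAYS)
    return exact - calculate_linear_interest_from_bips(rate_bip, time_delta)


def smallest_nonzero_input_product() -> int:
    """Smallest rate_bip * time_delta for which the result is non-zero."""
    # result > 0  <=>  product * 1e23 >= SECONDS_IN_365_DAYS
    return -(-SECONDS_IN_365_DAYS // BIP_RAY_RATIO)  # ceiling division


if __name__ == "__main__":
    # Constructed sample inputs: (rate in bips, elapsed seconds)
    for rate_bip, dt in [(1, 1), (1, 12), (500, 3600), (10_000, SECONDS_IN_365_DAYS)]:
        result = calculate_linear_interest_from_bips(rate_bip, dt)
        err = truncation_error(rate_bip, dt)
        print(f"rate={rate_bip}bip dt={dt}s result={result} ray "
              f"lost={float(err):.3f} ray ({float(err / RAY):.1e} of 1.0)")
```

Under these assumptions the quotient is non-zero for every non-zero rateBip * timeDelta, and the amount discarded by the division is always below one ray unit (1e-27).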

c4-pre-sort commented 10 months ago

minhquanym marked the issue as low quality report

minhquanym commented 10 months ago

OOS in bot report. AI generated

c4-judge commented 10 months ago

MarioPoneder marked the issue as unsatisfactory: Out of scope