search

code-423n4 / 2023-10-wildcat-findings

12 stars 9 forks source link

potential DOS cause of rounding up at rayMul and rayDiv #709

Closed c4-submissions closed 10 months ago

c4-submissions commented 10 months ago

Lines of code

https://github.com/code-423n4/2023-10-wildcat/blob/c5df665f0bc2ca5df6f06938d66494b11e7bdada/src/libraries/MathUtils.sol#L134-L149 https://github.com/code-423n4/2023-10-wildcat/blob/c5df665f0bc2ca5df6f06938d66494b11e7bdada/src/libraries/MathUtils.sol#L151-L166

Vulnerability details

Impact

In rayMul and rayDiv , there is always rounding up ,cause of that , there will be potential DOS

Proof of Concept

function normalizeAmount(
MarketState memory state,
uint256 amount

) internal pure returns (uint256) { return amount.rayMul(state.scaleFactor); }

function scaleAmount(MarketState memory state, uint256 amount) internal pure returns (uint256) { return amount.rayDiv(state.scaleFactor); }

Cause of rounding up , they will take more than they should get , let protocol be insolvency

Tools Used

manual view

Recommended Mitigation Steps

use rounding down

Assessed type

DoS

d1ll0n commented 10 months ago

Specifically out of scope

Conversion between scaled and normalized balances inherently incurs some rounding error; we consider rounding errors limited to "dust" (miniscule amounts left unaccounted for) out of scope unless they lead to additional unexpected behavior (e.g. if a rounding error can prevent withdrawal batches from being closed).

c4-pre-sort commented 10 months ago

minhquanym marked the issue as low quality report

c4-judge commented 10 months ago

MarioPoneder marked the issue as unsatisfactory: Insufficient quality