search

code-423n4 / 2023-10-wildcat-findings

14 stars 10 forks source link

potential DOS cause of rounding up at rayMul and rayDiv #709

Closed c4-submissions closed 1 year ago

c4-submissions commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-10-wildcat/blob/c5df665f0bc2ca5df6f06938d66494b11e7bdada/src/libraries/MathUtils.sol#L134-L149 https://github.com/code-423n4/2023-10-wildcat/blob/c5df665f0bc2ca5df6f06938d66494b11e7bdada/src/libraries/MathUtils.sol#L151-L166

Vulnerability details

Impact

In rayMul and rayDiv , there is always rounding up ,cause of that , there will be potential DOS

Proof of Concept

function normalizeAmount(
MarketState memory state,
uint256 amount

) internal pure returns (uint256) { return amount.rayMul(state.scaleFactor); }

function scaleAmount(MarketState memory state, uint256 amount) internal pure returns (uint256) { return amount.rayDiv(state.scaleFactor); }

Cause of rounding up , they will take more than they should get , let protocol be insolvency

Tools Used

manual view

Recommended Mitigation Steps

use rounding down

Assessed type

DoS

d1ll0n commented 1 year ago

Specifically out of scope

Conversion between scaled and normalized balances inherently incurs some rounding error; we consider rounding errors limited to "dust" (miniscule amounts left unaccounted for) out of scope unless they lead to additional unexpected behavior (e.g. if a rounding error can prevent withdrawal batches from being closed).

c4-pre-sort commented 1 year ago

minhquanym marked the issue as low quality report

c4-judge commented 1 year ago

MarioPoneder marked the issue as unsatisfactory: Insufficient quality