Closed c4-bot-8 closed 8 months ago
raymondfam marked the issue as insufficient quality report
raymondfam marked the issue as duplicate of #428
raymondfam marked the issue as duplicate of #661
MarioPoneder marked the issue as not a duplicate
MarioPoneder changed the severity to QA (Quality Assurance)
MarioPoneder marked the issue as grade-b
Lines of code
https://github.com/code-423n4/2023-12-revolutionprotocol/blob/d42cc62b873a1b2b44f57310f9d4bbfdd875e8d6/packages/revolution/src/libs/VRGDAC.sol#L54-L97
https://github.com/code-423n4/2023-12-revolutionprotocol/blob/d42cc62b873a1b2b44f57310f9d4bbfdd875e8d6/packages/revolution/src/ERC20TokenEmitter.sol#L179-L184
https://github.com/code-423n4/2023-12-revolutionprotocol/blob/d42cc62b873a1b2b44f57310f9d4bbfdd875e8d6/packages/revolution/src/ERC20TokenEmitter.sol#L237
https://github.com/code-423n4/2023-12-revolutionprotocol/blob/d42cc62b873a1b2b44f57310f9d4bbfdd875e8d6/packages/revolution/src/ERC20TokenEmitter.sol#L254
https://github.com/code-423n4/2023-12-revolutionprotocol/blob/d42cc62b873a1b2b44f57310f9d4bbfdd875e8d6/packages/revolution/src/ERC20TokenEmitter.sol#L271
Vulnerability details
Impact
The VRGDAC contract implements several cases of division before multiplication. Functions that depend on these calculations may produce incorrect results: getTokenQuoteForEther will return a wrong value, and the amount of tokens sold to users will be incorrect or possibly 0. This can also be a source of accounting issues in the protocol.
Proof of Concept
The buyToken function calculates the tokens to emit to creators and buyers by calling the getTokenQuoteForEther function. This function then calls the yToX function of the VRGDAC contract.
The yToX function performs divisions before multiplications and is therefore vulnerable to precision loss.
With large and small enough values, the function can return 0, so users receive no tokens for the amount paid. Other functions affected are the buyTokenQuote, getTokenQuoteForPayment and
Tools Used
Manual Code Review
Recommended Mitigation Steps
Consider restructuring the functions to implement the multiplications first before the divisions.
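The ordering problem and the effect of the mitigation, as an added example that is not code from VRGDAC.sol or from this report: it models Solidity-style 18-decimal fixed-point integer arithmetic (truncating division, as in the solmate SignedWadMath helpers VRGDAC is assumed to use) and evaluates a constructed quote expression, a stand-in for yToX rather than its real formula, with the division first and with the multiplication first.

```python
# Added example, not code from VRGDAC.sol or from the audit report.
# Models wad (1e18) fixed-point integer math with Solidity semantics and
# compares two orderings of the same quote. The quote expression is a
# constructed stand-in for a VRGDA-style quote, not the real yToX formula.

WAD = 10**18  # 1.0 in wad fixed point


def sdiv(a: int, b: int) -> int:
    """Solidity signed division: truncates toward zero (Python's // floors)."""
    q = abs(a) // abs(b)
    return q if (a < 0) == (b < 0) else -q


def wad_mul(x: int, y: int) -> int:
    return sdiv(x * y, WAD)


def wad_div(x: int, y: int) -> int:
    return sdiv(x * WAD, y)


def quote_div_first(amount: int, per_time_unit: int, target_price: int) -> int:
    """tokens = perTimeUnit * (amount / targetPrice): divide, then scale."""
    return wad_mul(per_time_unit, wad_div(amount, target_price))


def quote_mul_first(amount: int, per_time_unit: int, target_price: int) -> int:
    """Same quantity with the multiplication done before the division."""
    return wad_div(wad_mul(per_time_unit, amount), target_price)


def precision_loss(amount: int, per_time_unit: int, target_price: int) -> tuple:
    """Return (div_first, mul_first, tokens_lost) for one payment of `amount` wei."""
    a = quote_div_first(amount, per_time_unit, target_price)
    b = quote_mul_first(amount, per_time_unit, target_price)
    return a, b, b - a


if __name__ == "__main__":
    # Constructed sample values: 10_000 tokens per time unit, target price
    # 2 ETH per token (both wad-scaled), payments of 1 wei, 3 wei and 0.001 ETH.
    for amount in (1, 3, 10**15):
        print(amount, precision_loss(amount, 10_000 * WAD, 2 * WAD))
```

With the division first, a 1 wei payment quotes 0 tokens and a 3 wei payment loses a third of its quote, while the multiplication-first ordering returns the exact truncated value in both cases; the loss vanishes only once the payment is large relative to the divisor.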
Assessed type
Math