code-423n4 / 2024-02-spectra-findings


PrincipalToken.sol:: #10

Closed c4-bot-9 closed 8 months ago

c4-bot-9 commented 8 months ago

Lines of code

https://github.com/code-423n4/2024-02-spectra/blob/383202d0b84985122fe1ba53cfbbb68f18ba3986/src/tokens/PrincipalToken.sol#L791

Vulnerability details

Impact

shares = _ibts.mulDiv(_ibtRate, _ptRate, Math.Rounding.Ceil);

This line converts the amount of IBTs to shares using the provided interest-bearing token rate (_ibtRate) and principal token rate (_ptRate), rounding up to the nearest whole share. The use of Math.Rounding.Ceil ensures that any fractional shares result in an additional whole share being considered, which is typically favorable to the user. There are no logical errors here, but it's important to note that rounding up could slightly disadvantage the protocol in favor of users.

Proof of Concept

https://github.com/code-423n4/2024-02-spectra/blob/383202d0b84985122fe1ba53cfbbb68f18ba3986/src/tokens/PrincipalToken.sol#L791

https://github.com/code-423n4/2024-02-spectra/blob/383202d0b84985122fe1ba53cfbbb68f18ba3986/src/tokens/PrincipalToken.sol#L780-L798

This line converts the amount of IBTs to shares using the provided interest-bearing token rate (_ibtRate) and principal token rate (_ptRate), rounding up to the nearest whole share. The use of Math.Rounding.Ceil ensures that any fractional shares result in an additional whole share being considered, which is typically favorable to the user. There are no logical errors here, but it's important to note that rounding up could slightly disadvantage the protocol in favor of users.

Tools Used

Manual Review

Recommended Mitigation Steps

- shares = _ibts.mulDiv(_ibtRate, _ptRate, Math.Rounding.Ceil);

+ shares = _ibts.mulDiv(_ibtRate, _ptRate, Math.Rounding.Floor);
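Review bot: the hunk replaces Ceil with Floor unconditionally, but nothing in the report establishes which direction protects the protocol at this call site. Rounding the share amount up is only user-favouring where the shares are credited to the user; where the same conversion computes shares the user must burn, Ceil already works in the protocol's favour and a blanket switch to Floor would move the rounding the other way. Suggest citing the call sites in the linked range (L780-L798) and justifying the rounding per path before proposing this change.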

Assessed type

Math
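The report asserts that Math.Rounding.Ceil favours the user. As an added example (not code from the Spectra repository or from the report), the Python below emulates OpenZeppelin's Math.mulDiv with Floor/Ceil rounding, applies it to the quoted IBT-to-shares conversion, and makes explicit that the favoured party depends on whether the user receives or burns the rounded quantity; the rate values are constructed and hypothetical.

```python
# Added example: emulate Math.mulDiv rounding and apply it to the quoted line
# shares = _ibts.mulDiv(_ibtRate, _ptRate, rounding). Rates are constructed
# 1e18 fixed-point values, not data from the contest code base.
from enum import Enum


class Rounding(Enum):
    Floor = 0
    Ceil = 1


def mul_div(a: int, b: int, denominator: int, rounding: Rounding) -> int:
    """Exact a*b/denominator rounded down or up, like OpenZeppelin Math.mulDiv.
    Python ints are unbounded, so the full-width product cannot overflow."""
    if denominator == 0:
        raise ZeroDivisionError("mulDiv: denominator is zero")
    quotient, remainder = divmod(a * b, denominator)
    if rounding is Rounding.Ceil and remainder != 0:
        quotient += 1
    return quotient


def convert_ibts_to_shares(ibts: int, pt_rate: int, ibt_rate: int, round_up: bool) -> int:
    """shares = ibts * ibtRate / ptRate, with the rounding mode chosen by the caller."""
    return mul_div(ibts, ibt_rate, pt_rate, Rounding.Ceil if round_up else Rounding.Floor)


def rounding_effect(ibts: int, pt_rate: int, ibt_rate: int) -> dict:
    """Shares under both modes and the gap between them (0 when the division is exact)."""
    floor = convert_ibts_to_shares(ibts, pt_rate, ibt_rate, round_up=False)
    ceil = convert_ibts_to_shares(ibts, pt_rate, ibt_rate, round_up=True)
    return {"floor": floor, "ceil": ceil, "delta": ceil - floor}


def favoured_party(user_receives_shares: bool, round_up: bool) -> str:
    """Rounding up favours whoever receives the rounded quantity:
    shares credited to the user (deposit) -> Ceil favours the user;
    shares burned from the user (withdraw/redeem) -> Ceil favours the protocol."""
    if user_receives_shares:
        return "user" if round_up else "protocol"
    return "protocol" if round_up else "user"


PT_RATE = 10**18        # constructed: 1 PT worth 1 underlying
IBT_RATE = 11 * 10**17  # constructed: 1 IBT worth 1.1 underlying

if __name__ == "__main__":
    print(rounding_effect(1001, PT_RATE, IBT_RATE))  # 1101.1 -> {'floor': 1101, 'ceil': 1102, 'delta': 1}
    print(rounding_effect(1000, PT_RATE, IBT_RATE))  # exact  -> {'floor': 1100, 'ceil': 1100, 'delta': 0}
    print(favoured_party(user_receives_shares=False, round_up=True))  # protocol
```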

c4-pre-sort commented 8 months ago

gzeon-c4 marked the issue as insufficient quality report

gzeon-c4 commented 8 months ago

It favors the protocol.

c4-judge commented 8 months ago

JustDravee marked the issue as unsatisfactory: Invalid