The impact of this vulnerability can lead to incorrect calculations, which might result in financial losses, incorrect state updates, or even allow for exploits.
Proof of Concept
The provided code snippets demonstrate the vulnerability through various instances where division is performed before multiplication. For example, in the CollateralTracker.startToken function, the _poolFee is calculated by dividing fee by 100 and then multiplying by ITM_SPREAD_MULTIPLIER and DECIMALS. Similarly, in the PanopticFactory._mintFullRange function, tickLower is calculated by dividing Constants.MIN_V3POOL_TICK by tickSpacing and then multiplying by tickSpacing. These operations can lead to precision loss due to the truncation of integer division in Solidity.
Tools Used
Slither was used to identify this vulnerability.
Recommended Mitigation Steps
To mitigate this vulnerability, it's recommended to rearrange arithmetic operations to perform multiplication before division, unless the limit of a smaller type makes this dangerous. This approach helps to preserve precision and avoid unintended results. Here are some general guidelines for mitigation:
Reorder Operations: Whenever possible, rearrange the order of operations to perform multiplication before division. This can be particularly important in financial calculations where precision is critical.
Use SafeMath or Solidity 0.8.x: If you're using a version of Solidity prior to 0.8.0, consider using the SafeMath library for arithmetic operations to prevent overflows and underflows. Solidity 0.8.0 and later versions include built-in overflow and underflow checks, which can help mitigate some of these risks.
Lines of code
https://github.com/code-423n4/2024-04-panoptic/blob/833312ebd600665b577fbd9c03ffa0daf250ed24/contracts/CollateralTracker.sol#L249
Vulnerability details
Impact
The impact of this vulnerability can lead to incorrect calculations, which might result in financial losses, incorrect state updates, or even allow for exploits.
Proof of Concept
The provided code snippets demonstrate the vulnerability through various instances where division is performed before multiplication. For example, in the
CollateralTracker.startToken
function, the_poolFee
is calculated by dividingfee
by 100 and then multiplying byITM_SPREAD_MULTIPLIER
andDECIMALS
. Similarly, in thePanopticFactory._mintFullRange
function,tickLower
is calculated by dividingConstants.MIN_V3POOL_TICK
bytickSpacing
and then multiplying bytickSpacing
. These operations can lead to precision loss due to the truncation of integer division in Solidity.Tools Used
Slither was used to identify this vulnerability.
Recommended Mitigation Steps
To mitigate this vulnerability, it's recommended to rearrange arithmetic operations to perform multiplication before division, unless the limit of a smaller type makes this dangerous. This approach helps to preserve precision and avoid unintended results. Here are some general guidelines for mitigation:
Reorder Operations: Whenever possible, rearrange the order of operations to perform multiplication before division. This can be particularly important in financial calculations where precision is critical.
Use SafeMath or Solidity 0.8.x: If you're using a version of Solidity prior to 0.8.0, consider using the SafeMath library for arithmetic operations to prevent overflows and underflows. Solidity 0.8.0 and later versions include built-in overflow and underflow checks, which can help mitigate some of these risks.
Assessed type
Math