Open c4-bot-8 opened 5 months ago
M-25: Asymmetric calculation of price difference
The original code contains an asymmetric calculation of price difference:
```solidity
function _requireMaxDifference(uint256 priceX96, uint256 verifyPriceX96, uint256 maxDifferenceX10000)
    internal
    pure
{
    uint256 differenceX10000 = priceX96 > verifyPriceX96
        ? (priceX96 - verifyPriceX96) * 10000 / priceX96
        : (verifyPriceX96 - priceX96) * 10000 / verifyPriceX96;
    // if too big difference - revert
    if (differenceX10000 >= maxDifferenceX10000) {
        revert PriceDifferenceExceeded();
    }
}
```
The denominator is different for the 2 cases: one is `priceX96` and one is `verifyPriceX96`, causing asymmetry in the price difference calculation.
PR #5: The mitigation fixes the asymmetric calculation by consistently using `verifyPriceX96` as the denominator for both cases:
```solidity
uint256 differenceX10000 = priceX96 >= verifyPriceX96
    ? (priceX96 - verifyPriceX96) * 10000
    : (verifyPriceX96 - priceX96) * 10000;

// if invalid price or too big difference - revert
if (
    (verifyPriceX96 == 0 || differenceX10000 / verifyPriceX96 > maxDifferenceX10000)
        && maxDifferenceX10000 < type(uint16).max
) {
    revert PriceDifferenceExceeded();
}
```
The mitigation solved the original issue.
LGTM
jhsagd76 marked the issue as satisfactory
jhsagd76 marked the issue as confirmed for report
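An added Python model of the two checks quoted in the issue above, comparing them on the same inputs (this is not code from the project or from PR #5). The function names and the 100/105/95 sample prices are constructed for illustration, and `//` mirrors Solidity's truncating `uint256` division.

```python
Q96 = 2**96             # scale of the X96 fixed-point prices
UINT16_MAX = 2**16 - 1  # type(uint16).max in the patched check

class PriceDifferenceExceeded(Exception):
    """Stands in for the Solidity custom error."""

def difference_original(price, verify):
    # Pre-fix: the denominator is whichever of the two prices is larger.
    if price > verify:
        return (price - verify) * 10000 // price
    return (verify - price) * 10000 // verify

def difference_patched(price, verify):
    # Post-fix: the denominator is always the reference price.
    return abs(price - verify) * 10000 // verify

def require_original(price, verify, max_diff):
    if difference_original(price, verify) >= max_diff:
        raise PriceDifferenceExceeded

def require_patched(price, verify, max_diff):
    # `or` short-circuits like Solidity `||`, so verify == 0 never divides.
    if (verify == 0 or difference_patched(price, verify) > max_diff) \
            and max_diff < UINT16_MAX:
        raise PriceDifferenceExceeded

def passes(check, price, verify, max_diff):
    try:
        check(price, verify, max_diff)
        return True
    except PriceDifferenceExceeded:
        return False

# Constructed sample: reference price 100, candidates 5 above and 5 below.
VERIFY, ABOVE, BELOW = 100 * Q96, 105 * Q96, 95 * Q96

if __name__ == "__main__":
    for name, p in (("above", ABOVE), ("below", BELOW)):
        print(name,
              difference_original(p, VERIFY), passes(require_original, p, VERIFY, 490),
              difference_patched(p, VERIFY), passes(require_patched, p, VERIFY, 490))
```

With a limit of 490 the pre-fix check accepts the price 5 above the reference (measured as 476) and rejects the one 5 below (measured as 500), while the patched check measures both as 500. The patched comparison is `>` rather than `>=`, so a difference exactly equal to the limit now passes, and a limit equal to `type(uint16).max` skips the check, including for a zero reference price.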