search

hats-finance / Convergence-Finance---IBO-0x0e410e7af8e70fc5bffcdbfbdf1673ee7b3d0777

IBO, Vesting & Bond mecanism repo prepared for Hat finance audit competition
0 stars 0 forks source link

Loss of precision #86

Open hats-bug-reporter[bot] opened 1 year ago

hats-bug-reporter[bot] commented 1 year ago

Github username: @saidqayoumsadat Submission hash (on-chain): 0xfe0fae9c4c1fa38373b80cab8368ba557914fb700c56bebd46176aba04bef23d Severity: low

Description: Description

Division by large numbers may result in the result being zero, due to solidity not supporting fractions. Consider requiring a minimum amount for the numerator to ensure that it is always larger than the denominator

file: /contracts/Oracles/CvgOracle.sol

108            price = TickMath.getSqrtRatioAtTick(
                int24((tickCumulatives[1] - tickCumulatives[0]) / int56(int32(twapInterval)))
110            );

https://github.com/Cvg-Finance/hats-audit/blob/da48577d2f42fa8c2e35bb7223208ea6ba88012e/contracts/Oracles/CvgOracle.sol#L108-L110

walk-on-me commented 12 months ago

Hello, Thanks a lot for your attention.

If the price returned by the Oracle is too far away from the Chainlink Aggregator linked It'd be not possible to trigger a deposit transaction through the IBO

Also, we'll use small twapInterval approx 30s that'll ensure that the numerator will be always bigger than the denominator

We have so to consider this issue as Invalid