Open hats-bug-reporter[bot] opened 4 days ago
Github username: @@giorgiodalla Twitter username: 0xAuditism Submission hash (on-chain): 0x994983a370cff23118dcde54240a4c6a7c3902d78d64918aac4fa098feda62f0 Severity: low
Description:
When users redeem a small amount of shares, if the previousPrice is <1e18, users may get 0 assets in return.
Attack Scenario:
Describe how the vulnerability can be exploited.
Attachments
```solidity
function sharesToAssets(uint256 shares) external view returns (uint256) {
    return Math.mulDiv(shares, previousPrice, 10 ** 18);
}
```
Above is the formula to calculate the number of shares to asset. Because of precision loss in Solidity, if the numerator is smaller than the denominator, the result will be 0.
So while shares * previousPrice < 1e18, the redeemer will get 0 assets.
Revised Code File (Optional)
```solidity
function redeem(uint256 shares, address receiver, address owner) public returns (uint256 assets) {
    if (owner != msg.sender) _spendAllowance(owner, msg.sender, shares);
    assets = convertToAssets(shares);
    if (assets == 0) revert(); // added check: refuse redemptions that round down to zero assets
    _burn(owner, shares);
    usde.mint(receiver, assets);
    emit Withdraw(msg.sender, receiver, owner, assets, shares);
}
```
Similar answer to previous issue of yours https://github.com/hats-finance/Euro-Dollar-0xa4ccd3b6daa763f729ad59eae75f9cbff7baf2cd/issues/33, the OZ Math library handles the rounding
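The rounding behaviour discussed in this issue and in the reply above, reproduced as an added example (not code from the Euro-Dollar project, the reporter, or OpenZeppelin). It mirrors the integer arithmetic of `Math.mulDiv(shares, previousPrice, 1e18)`, which floors by default, alongside the ceiling variant OpenZeppelin's `Math.Rounding.Ceil` provides, and derives the smallest share amount that still converts to at least one asset unit at a given price. The function names and the 0.5e18 sample price are constructed for the illustration.

```python
# Added illustration of rounding in sharesToAssets; not the project's code.
WAD = 10**18  # 1e18 scaling factor used as the mulDiv denominator


def shares_to_assets(shares: int, previous_price: int, ceil: bool = False) -> int:
    """Integer mirror of Math.mulDiv(shares, previousPrice, 1e18).

    Solidity has no fractions: the default rounds toward zero (floor for
    unsigned values), so any product below 1e18 yields 0. ceil=True mimics
    OpenZeppelin's Math.Rounding.Ceil, which rounds any non-zero remainder up.
    """
    numerator = shares * previous_price
    if ceil:
        return -(-numerator // WAD)  # ceiling division without floats
    return numerator // WAD


def redeem(shares: int, previous_price: int) -> int:
    """Hypothetical redeem path with the zero-asset guard the issue proposes.

    Raises instead of silently burning shares for 0 assets.
    """
    assets = shares_to_assets(shares, previous_price)
    if assets == 0:
        raise ValueError("redeem would burn shares for 0 assets")
    return assets


def smallest_redeemable_shares(previous_price: int) -> int:
    """Smallest share amount whose floor conversion is at least 1 asset unit.

    floor(shares * price / 1e18) >= 1  <=>  shares >= ceil(1e18 / price).
    Useful for a UI or pre-check to warn users before a dust redemption.
    """
    return -(-WAD // previous_price)


if __name__ == "__main__":
    price = 5 * 10**17  # constructed sample: previousPrice of 0.5 in 1e18 units
    print("1 share at 0.5 price, floor:", shares_to_assets(1, price))
    print("1 share at 0.5 price, ceil: ", shares_to_assets(1, price, ceil=True))
    print("minimum shares for 1 asset: ", smallest_redeemable_shares(price))
```

With a price below 1e18 the floor result for a single share is 0, the ceiling variant returns 1, and the minimum-share helper shows the threshold at which the redemption stops rounding to nothing. Which rounding a vault should apply on redemption is a design decision (rounding assets up on withdrawal favours the redeemer over the vault), so the guard is the conservative option when the existing rounding is kept.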