Open hats-bug-reporter[bot] opened 4 days ago
In `mulDiv()` the mentioned division will not revert, it will simply round down. In chisel it reverted which can be ignored.
Extra PoC:
```
➜ function mulDiv(uint256 x, uint256 y, uint256 d) internal pure returns (uint256 z) {
    /// @solidity memory-safe-assembly
    assembly {
        z := mul(x, y)
        // Equivalent to `require(d != 0 && (y == 0 || x <= type(uint256).max / y))`.
        if iszero(mul(or(iszero(x), eq(div(z, x), y)), d)) {
            mstore(0x00, 0xad251c27) // `MulDivFailed()`.
            revert(0x1c, 0x04)
        }
        z := div(z, d)
    }
}
➜ uint z = mulDiv(47025000000000000000, 91698854749990508809, 99000100000000100000)
➜ z
Type: uint256
├ Hex: 0x25c793cb2b71fea83
├ Hex (full word): 0x25c793cb2b71fea83
└ Decimal: 43556912009364630147 // @audit here we get the result of mulDiv()
➜ 47025000000000000000 * 91698854749990508809
Type: uint256
├ Hex: 0xcac17b1aa1d16f338e21b68b023328000
├ Hex (full word): 0xcac17b1aa1d16f338e21b68b023328000
└ Decimal: 4312138644618303676743225000000000000000 // @audit this is numerator
➜ 99000100000000100000 * 43556912009364630147
Type: uint256
├ Hex: 0xcac17b1aa1d16f336ee6073564148e3e0
├ Hex (full word): 0xcac17b1aa1d16f336ee6073564148e3e0
└ Decimal: 4312138644618303676707215636463014700000 //@audit this is result: of denominator * result of division from mulDiv()
➜ 4312138644618303676707215636463014700000 + 36009363536985300000 //@audit adding the remainder [from report] with the result
Type: uint256
├ Hex: 0xcac17b1aa1d16f338e21b68b023328000
├ Hex (full word): 0xcac17b1aa1d16f338e21b68b023328000
└ Decimal: 4312138644618303676743225000000000000000 // @audit we got the numerator
➜
```
So, it was proved that it is rounding down.
@mihailo-maksa May I know why it is invalid? It is a clear rounding-down issue with a proof of concept.
If the issue was invalidated because the `mulDiv()` is in FixedPointMathLib.sol, which is not in scope, then it should not be invalidated, because the contract should not use such functions which have a rounding-down issue. And the severity is high because it is a case of fund loss.
Github username: @itsabinashb
Twitter username: akatabletos
Submission hash (on-chain): 0x182ebb6dcbbdc5c8a0e43164f413a63b900df46aa794984683d9e72fbf152e37
Severity: high
Description:
To deposit in an Atom vault the user has to call `depositAtom()`; while depositing, the user's share is calculated in `getDepositSharesAndFees()`. In this function `convertToShares()` is called, where `FixedPointMathLib::mulDiv()` is called. This `mulDiv()` uses the simple `/` method, which results in a rounding-down issue by which the user loses a lot of shares.

Attack Scenario
See the PoC section.
Attachments
I explained everything in code comments; please go through every line of the PoC to understand the issue:
If you run the test in DepositTriple.t.sol you will only see the logs; the bug is explained in comments.
Now we have `z`'s value, which is:
This division will revert, let's find out the mod:
You can see the revert from the division above; by doing mod we can see how much ether the user will lose due to the rounding-down issue, which is 36 ether.
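The identity that the chisel session checks by hand, x*y = d*z + r with 0 <= r < d, as an added Python example (not code from the report or from FixedPointMathLib). It models the snippet's guard and truncating `div` with Python integers; `mul_div`, `mul_div_up`, `rounding_report` and the exception class are names assumed here, and the inputs are the three values from the session above.

```python
UINT256_MAX = 2**256 - 1

# Inputs copied from the chisel session on this page.
X = 47025000000000000000
Y = 91698854749990508809
D = 99000100000000100000


class MulDivFailed(Exception):
    """Stands in for the `MulDivFailed()` revert in the snippet."""


def mul_div(x: int, y: int, d: int) -> int:
    # Same guard as the assembly: d != 0 and x * y must fit in 256 bits.
    if d == 0 or x * y > UINT256_MAX:
        raise MulDivFailed()
    # EVM `div` truncates toward zero; a non-zero remainder does not revert.
    return (x * y) // d


def mul_div_up(x: int, y: int, d: int) -> int:
    # Assumed round-up counterpart, added here only for comparison.
    z = mul_div(x, y, d)
    return z + (1 if (x * y) % d else 0)


def rounding_report(x: int, y: int, d: int) -> dict:
    z = mul_div(x, y, d)
    r = (x * y) % d  # remainder, expressed in units of the numerator x * y
    return {
        "floor": z,
        "ceil": mul_div_up(x, y, d),
        "remainder": r,
        # Floor-division identity: numerator == d * z + r, with 0 <= r < d.
        "identity_holds": x * y == d * z + r,
        # r < d means the part of z that is dropped (r / d) is below one unit.
        "remainder_lt_d": 0 <= r < d,
    }


if __name__ == "__main__":
    for key, value in rounding_report(X, Y, D).items():
        print(f"{key}: {value}")
```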