The slippage control in ERC5095 is using the form of x - x / 100, which could be inaccurate due to rounding error.
Vulnerability Detail
If the amount is 99, 99 - 99 / 100 will be 99, and could fail because it is too strict. A more robust way is to use the form x * 99 / 100. In the example, 99 * 99 / 100 will results in 98, as expected.
Impact
The buy and sell functions could fail due to the slippage control not pass. Further the mint/deposit and redeem/withdraw functions could be impacted.
141345
medium
Rounding error in slippage control
Summary
The slippage control in
ERC5095
is using the form ofx - x / 100
, which could be inaccurate due to rounding error.Vulnerability Detail
If the amount is 99,
99 - 99 / 100
will be 99, and could fail because it is too strict. A more robust way is to use the formx * 99 / 100
. In the example,99 * 99 / 100
will results in 98, as expected.Impact
The buy and sell functions could fail due to the slippage control not pass. Further the mint/deposit and redeem/withdraw functions could be impacted.
Code Snippet
https://github.com/sherlock-audit/2022-10-illuminate/blob/main/src/tokens/ERC5095.sol#L162-L167
https://github.com/sherlock-audit/2022-10-illuminate/blob/main/src/tokens/ERC5095.sol#L194-L199
https://github.com/sherlock-audit/2022-10-illuminate/blob/main/src/tokens/ERC5095.sol#L219-L224
https://github.com/sherlock-audit/2022-10-illuminate/blob/main/src/tokens/ERC5095.sol#L240-L245
https://github.com/sherlock-audit/2022-10-illuminate/blob/main/src/tokens/ERC5095.sol#L294-L299
https://github.com/sherlock-audit/2022-10-illuminate/blob/main/src/tokens/ERC5095.sol#L309-L314
Tool used
Manual Review
Recommendation
Change to
x * 99 / 100
.