Closed github-actions[bot] closed 1 year ago
0xhacksmithh
medium
_isCollateralized()
_roundToScale()
Due division before multiplication both functions _isCollateralized() and _roundToScale() gives inaccurate results.
In these below 2 functions, their arithmatic calculation suffering from precision loss, that ultimately result in inaccurate result.
function _roundToScale( uint256 amount_, uint256 tokenScale_ ) pure returns (uint256 scaledAmount_) { scaledAmount_ = (amount_ / tokenScale_) * tokenScale_; }
function _isCollateralized( uint256 debt_, uint256 collateral_, uint256 price_, uint8 type_ ) pure returns (bool) { if (type_ == uint8(PoolType.ERC20)) return Maths.wmul(collateral_, price_) >= debt_; else { //slither-disable-next-line divide-before-multiply collateral_ = (collateral_ / Maths.WAD) * Maths.WAD; // use collateral floor return Maths.wmul(collateral_, price_) >= debt_; } }
refer summary
https://github.com/sherlock-audit/2023-01-ajna/blob/main/contracts/src/libraries/helpers/PoolHelper.sol#L143-L155 https://github.com/sherlock-audit/2023-01-ajna/blob/main/contracts/src/libraries/helpers/PoolHelper.sol#L234-L239
Manual Review
Multiplication should preformed before Division
Duplicate of #51
0xhacksmithh
medium
Precision loss in
_isCollateralized()and_roundToScale()functionsSummary
Due division before multiplication both functions
_isCollateralized()and_roundToScale()gives inaccurate results.Vulnerability Detail
In these below 2 functions, their arithmatic calculation suffering from precision loss, that ultimately result in inaccurate result.
Impact
refer summary
Code Snippet
https://github.com/sherlock-audit/2023-01-ajna/blob/main/contracts/src/libraries/helpers/PoolHelper.sol#L143-L155 https://github.com/sherlock-audit/2023-01-ajna/blob/main/contracts/src/libraries/helpers/PoolHelper.sol#L234-L239
Tool used
Manual Review
Recommendation
Multiplication should preformed before Division
Duplicate of #51