search

sherlock-audit / 2023-02-carapace-judging

2 stars 0 forks source link

joestakey - Mismatch for Risk Factor formula #326

Closed github-actions[bot] closed 1 year ago

github-actions[bot] commented 1 year ago

joestakey

medium

Mismatch for Risk Factor formula

Summary

calculateRiskFactor() computes the risk factor differently than what is documented.

Vulnerability Detail

The comment says the denominator should be (currentLeverageRatio - leverageRatioFloor - BUFFER), while in the code it actually is (currentLeverageRatio - (leverageRatioFloor - BUFFER)) = (currentLeverageRatio - leverageRatioFloor + BUFFER)

File: contracts/libraries/RiskFactorCalculator.sol
26: * Formula for Risk Factor:
27:    * curvature * ((leverageRatioCeiling + BUFFER - currentLeverageRatio) / (currentLeverageRatio - leverageRatioFloor - BUFFER))
File: contracts/libraries/RiskFactorCalculator.sol
53:     int256 _denominator = int256(_currentLeverageRatio) -
54:       int256(_leverageRatioFloor - _leverageRatioBuffer);

Impact

The risk factor computed as per the comments is higher than what it is in reality, which can be confusing and lead to unexpected results for end-users.

Code Snippet

https://github.com/sherlock-audit/2023-02-carapace/blob/main/contracts/libraries/RiskFactorCalculator.sol#L27

Tool used

Manual Review

Recommendation

Amend the comment to match the code.