Closed sherlock-admin closed 1 year ago
kutugu
medium
For a specified amount of order, getRequiredMargin should be rounded up. Otherwise, due to the precision error of division, the calculated margin is insufficient.
getRequiredMargin
function getRequiredMargin(int256 baseAssetQuantity, uint256 price) public view returns(uint256 requiredMargin) { uint quoteAsset = abs(baseAssetQuantity).toUint256() * price / 1e18; requiredMargin = quoteAsset * minAllowableMargin / 1e6; requiredMargin += quoteAsset * takerFee / 1e6; } reserveAmount = getRequiredMargin(order.baseAssetQuantity, order.price); } // add orderInfo for the corresponding orderHash orderInfo[orderHash] = OrderInfo(block.number, 0, reserveAmount, OrderStatus.Placed); emit OrderPlaced(order.trader, orderHash, order, block.timestamp);
The margin should be rounded up
Round direction errors will undercalculate the requiredMargin resulting lock margin is insufficient.
Manual Review
Round up instead of round down
kutugu
medium
getRequiredMargin rounding direction errors undercalculated the requiredMargin
Summary
For a specified amount of order,
getRequiredMarginshould be rounded up. Otherwise, due to the precision error of division, the calculated margin is insufficient.Vulnerability Detail
The margin should be rounded up
Impact
Round direction errors will undercalculate the requiredMargin resulting lock margin is insufficient.
Code Snippet
Tool used
Manual Review
Recommendation
Round up instead of round down