The approximately equal range is too high for some high-value tokens.
Summary
The approximately equal range is too high for some high-value tokens.
Vulnerability Detail
approximatelyEquals checks whether the auction target value equals the current value. It takes an approximate approach; about +-1 deviation is accepted. For some high-value tokens, take wBtc for example; the deviation may be too high. It can cause all targets to be met very early, which leads to the bidder can call raiseAssetTargets even target not meet.
twcctop
high
The approximately equal range is too high for some high-value tokens.
Summary
The approximately equal range is too high for some high-value tokens.
Vulnerability Detail
approximatelyEquals
checks whether the auction target value equals the current value. It takes an approximate approach; about +-1 deviation is accepted. For some high-value tokens, take wBtc for example; the deviation may be too high. It can cause all targets to be met very early, which leads to the bidder can callraiseAssetTargets
even target not meet.Impact
positionMultiplier
could reach a very high valueCode Snippet
https://github.com/sherlock-audit/2023-06-Index/blob/main/index-protocol/contracts/protocol/modules/v1/AuctionRebalanceModuleV1.sol#L1089-L1092
Tool used
Manual Review
Recommendation
The approximately equal method can be replaced with percentage meet.