search

sherlock-audit / 2023-07-blueberry-judging

2 stars 1 forks source link

BugBusters - Possible precision loss in `getPrice` function of `CurveVolatileOracle.sol` #131

Closed sherlock-admin2 closed 1 year ago

sherlock-admin2 commented 1 year ago

BugBusters

high

Possible precision loss in getPrice function of CurveVolatileOracle.sol

Summary

Potential Precision Loss Due to Division-Multiplication Sequence

Vulnerability Detail

In the getPrice function of CurveVolatileOracle.sol, there is a sequence of mathematical operations involving division followed by multiplication. This can lead to precision loss due to the rounding errors introduced by the division operation.

Impact

Precision loss can occur when performing division followed by multiplication. The rounding errors introduced during the division operation can propagate through subsequent multiplication, resulting in an inaccurate final result resulting we will get incorrect price

Code Snippet

https://github.com/sherlock-audit/2023-07-blueberry/blob/7c7e1c4a8f3012d1afd2e598b656010bb9127836/blueberry-core/contracts/oracle/CurveVolatileOracle.sol#L122-L124

Tool used

Manual Review

Recommendation

avoid division before multiplication

sherlock-admin2 commented 1 year ago

3 comment(s) were left on this issue during the judging contest.

0xyPhilic commented:

invalid because auditor did not present any evidence that there is a precision loss or the impact of it

darkart commented:

The function is used properly

Kral01 commented:

low severity