Precision Mismatch in Exchange Rate Calculation

Summary

This potential issue arises due to the manipulation of decimal places and rounding errors when performing calculations involving different decimals, leading to inaccurate USD value calculation for isolated collateral in the provided function.

Vulnerability Detail

The function getIsolatedCollateralValue calculates the USD value of isolated collateral for a specific position. It handles both soft vault and non-soft vault cases. However, a potential vulnerability emerges when dealing with soft vaults and their associated exchange rates. The exchange rate retrieved using the exchangeRateStored() function has 18 decimals, as indicated by the provided comment. On the other hand, the value of Constants.PRICE_PRECISION might have a different number of decimals. If these decimal places do not align, inaccurate results can occur due to the imprecise nature of floating-point arithmetic.

Impact

Possible incorrect calculations of the USD value of isolated collateral. In cases where the exchange rate and Constants.PRICE_PRECISION have different decimal places, division by Constants.PRICE_PRECISION can result in truncation, rounding errors, or loss of precision. Consequently, the final computed value of icollValue will be incorrect, leading to incorrect assessments of the collateral's value.

Code Snippet

(https://github.com/sherlock-audit/2023-07-blueberry/blob/main/blueberry-core/contracts/BlueBerryBank.sol#L99-L106)

Tool used

Manual Review

Recommendation

Consider using libraries that offer arbitrary-precision arithmetic to perform calculations with the desired level of precision. By maintaining uniform precision, the division by Constants.PRICE_PRECISION will yield accurate results.

sherlock-audit / 2023-07-blueberry-judging

Oxhunter526 - Precision Mismatch in Exchange Rate Calculation #51