search

sherlock-audit / 2023-11-olympus-judging

9 stars 8 forks source link

kgothatso - This division is incorrect and return incorrect values #197

Closed sherlock-admin closed 11 months ago

sherlock-admin commented 11 months ago

kgothatso

medium

This division is incorrect and return incorrect values

Summary

Dividing can cause a rounding down. some decimals will cut off and need to be handled in a safe way

Vulnerability Detail

the will be a loss in funds when you divide incorrectly , you have to handle zero division

Impact

the will be a loss in funds when you divide incorrectly , you have to handle zero division

Code Snippet

https://github.com/sherlock-audit/2023-11-olympus/blob/9c8df76dc9820b4c6605d2e1e6d87dcfa9e50070/bophades/src/modules/PRICE/OlympusPrice.v2.sol#L681

https://github.com/sherlock-audit/2023-11-olympus/blob/9c8df76dc9820b4c6605d2e1e6d87dcfa9e50070/bophades/src/modules/PRICE/OlympusPrice.v2.sol#L160

https://github.com/sherlock-audit/2023-11-olympus/blob/9c8df76dc9820b4c6605d2e1e6d87dcfa9e50070/bophades/src/modules/PRICE/OlympusPrice.v2.sol#L252

Tool used

Manual Review

Recommendation

use a library that can do mathematics

nevillehuang commented 10 months ago

Invalid, lack of proof and no relation to how rounding will affect protocol specifically. Additionally, it is not proven how this values could be zero, as afaik, they won't be.