nevillehuang
commented
9 months ago Invalid, deployer/admin trusted to deploy with correct I value corresponding to token decimals
Closed sherlock-admin closed 9 months ago
nevillehuang
commented
9 months ago Invalid, deployer/admin trusted to deploy with correct I value corresponding to token decimals
mike-watson
high
Breakage in Mathematical Logic Due to Excessive Oracle Price in
GSP.solSummary
In the
GSP.solcontract, setting the oracle price_I_to a value significantly higher than10**18can disrupt the mathematical calculations in theDecimalMathlibrary. Specifically, if_I_is set to10**36, it leads to incorrect results in thebuySharesfunction when calculating shares, especially when the total supply is zero.Vulnerability Detail
The
GSP.solcontract allows setting the oracle price_I_with the constraint thati <= 10**36. However, using a value like10**36can cause issues in theDecimalMath.divFloorfunction used in thebuySharesfunction ofGSPFunding.sol. ThedivFloorfunction multiplies the target by10**18before dividing by the divisor. If the divisor (in this case, the oracle price_I_) is too high, such as10**36, the division may result in zero, leading to incorrect share calculations.Impact
This issue can lead to significant inaccuracies in share allocation, particularly for the first buyers in the pool. It undermines the reliability of the share distribution mechanism and can lead to financial discrepancies in the pool's operation.
Code Snippet
DecimalMath:Tool used
Manual Review
Recommendation
Modify the DecimalMath library to accept the decimal places as a dynamic parameter in each function. This change will allow the library to handle a wider range of divisor values accurately. Implement additional checks in the GSP.sol contract to ensure that the oracle price I is within a range that the DecimalMath library can handle without causing calculation errors. By making these changes, the contract can maintain accurate and reliable mathematical operations regardless of the oracle price set, ensuring the integrity of its financial logic.