Breakage in Mathematical Logic Due to Excessive Oracle Price in GSP.sol
Summary
In the GSP.sol contract, setting the oracle price _I_ to a value significantly higher than 10**18 can disrupt the mathematical calculations in the DecimalMath library. Specifically, if _I_ is set to 10**36, it leads to incorrect results in the buyShares function when calculating shares, especially when the total supply is zero.
Vulnerability Detail
The GSP.sol contract allows setting the oracle price _I_ with the constraint that i <= 10**36. However, using a value like 10**36 can cause issues in the DecimalMath.divFloor function used in the buyShares function of GSPFunding.sol. The divFloor function multiplies the target by 10**18 before dividing by the divisor. If the divisor (in this case, the oracle price _I_) is too high, such as 10**36, the division may result in zero, leading to incorrect share calculations.
Impact
This issue can lead to significant inaccuracies in share allocation, particularly for the first buyers in the pool. It undermines the reliability of the share distribution mechanism and can lead to financial discrepancies in the pool's operation.
function divFloor(uint256 target, uint256 d) internal pure returns (uint256) {
return target * (10 ** 18) / d;
}
Tool used
Manual Review
Recommendation
Modify the DecimalMath library to accept the decimal places as a dynamic parameter in each function. This change will allow the library to handle a wider range of divisor values accurately.
Implement additional checks in the GSP.sol contract to ensure that the oracle price I is within a range that the DecimalMath library can handle without causing calculation errors.
By making these changes, the contract can maintain accurate and reliable mathematical operations regardless of the oracle price set, ensuring the integrity of its financial logic.
mike-watson
high
Breakage in Mathematical Logic Due to Excessive Oracle Price in
GSP.sol
Summary
In the
GSP.sol
contract, setting the oracle price_I_
to a value significantly higher than10**18
can disrupt the mathematical calculations in theDecimalMath
library. Specifically, if_I_
is set to10**36
, it leads to incorrect results in thebuyShares
function when calculating shares, especially when the total supply is zero.Vulnerability Detail
The
GSP.sol
contract allows setting the oracle price_I_
with the constraint thati <= 10**36
. However, using a value like10**36
can cause issues in theDecimalMath.divFloor
function used in thebuyShares
function ofGSPFunding.sol
. ThedivFloor
function multiplies the target by10**18
before dividing by the divisor. If the divisor (in this case, the oracle price_I_
) is too high, such as10**36
, the division may result in zero, leading to incorrect share calculations.Impact
This issue can lead to significant inaccuracies in share allocation, particularly for the first buyers in the pool. It undermines the reliability of the share distribution mechanism and can lead to financial discrepancies in the pool's operation.
Code Snippet
DecimalMath
:Tool used
Manual Review
Recommendation
Modify the DecimalMath library to accept the decimal places as a dynamic parameter in each function. This change will allow the library to handle a wider range of divisor values accurately. Implement additional checks in the GSP.sol contract to ensure that the oracle price I is within a range that the DecimalMath library can handle without causing calculation errors. By making these changes, the contract can maintain accurate and reliable mathematical operations regardless of the oracle price set, ensuring the integrity of its financial logic.