Closed sherlock-admin2 closed 7 months ago
1 comment(s) were left on this issue during the judging contest.
auditsea commented:
Collateral price is represented in 6 decimals, so guaranteed to have no issue
Invalid, given price precision is in 1e6 it is unlikely that stable coin collateral will have price of 1. Additionally, I do not see any precision loss here.
0xchromatin
medium
Precision Loss/Incorrect return value
Summary
This report outlines a vulnerability identified in the "LibUbiquityPool::getDollarInCollateral" function within a smart contract. The issue lies in the return value calculation, which can potentially lead to incorrect financial computations.
Vulnerability Detail
The core of the issue is within the "LibUbiquityPool::getDollarInCollateral" function. It's designed to calculate and return the amount of dollar equivalent for a given amount of collateral, indexed by "LibUbiquityPool::collateralIndex". The vulnerability arises from how the return value is computed, specifically the division operations involving "poolStorage.missingDecimals[collateralIndex]" and "poolStorage.collateralPrices[collateralIndex]". These divisions could lead to imprecise or incorrect dollar value calculations.
Impact
If exploited, this vulnerability can cause significant discrepancies in financial calculations within the contract, potentially leading to incorrect minting of dollar amounts based on given collateral. This can further impact the overall financial integrity of the contract and any connected systems.
Code Snippet
LoC https://github.com/sherlock-audit/2023-12-ubiquity/blob/main/ubiquity-dollar/packages/contracts/src/dollar/libraries/LibUbiquityPool.sol#L284C3-L284C3
PoC
Assumptions:
Tool used
Manual Review
Recommendation
A thorough review and revision of the "LibUbiquityPool::getDollarInCollateral" function are recommended to ensure accurate financial computations. This might involve re-evaluating the logic used for division and considering the implications of floating-point operations in the Solidity environment. Additional unit tests and validation methods should also be implemented to ensure the accuracy of calculations, especially under varying conditions.