Due to precision loss, it is impossible to correctly calculate `tokenAReturnAmount`, `tokenBReturnAmount`, `tokenReturnAmount`, and `tokenOutReturnAmount`.

Summary:

Due to precision loss, it is impossible to correctly calculate tokenAReturnAmount, tokenBReturnAmount, tokenReturnAmount, and tokenOutReturnAmount.

Vulnerability Detail

The reason lies in the fact that the calculation of these values uses Divide before multiply, where performing division before multiplication leads to precision loss.

A simple example is as follows (can be run in Remix):


// SPDX-License-Identifier: GPL-3.0
pragma solidity ^0.8.0;

contract test { uint256 a; uint256 b;

constructor(uint256 _a, uint256 _b) {
    a = _a;
    b = _b;
}

function test01() public view returns (uint256){
    return (a * b) / b;
}

function test02() public view returns (uint256){
    return (a / b) * b;
}

}

// The final result: // a = 1, b =2: // Call test01 -->> Result: 1 // Call test02 -->> Result: 0


## Impact

precision loss

## Code Snippet:

- [https://github.com/sherlock-audit/2024-02-jala-swap/blob/main/jalaswap-dex-contract/contracts/JalaMasterRouter.sol#L129-L130](https://github.com/sherlock-audit/2024-02-jala-swap/blob/main/jalaswap-dex-contract/contracts/JalaMasterRouter.sol#L129-L130)
- https://github.com/sherlock-audit/2024-02-jala-swap/blob/main/jalaswap-dex-contract/contracts/JalaMasterRouter.sol#L175
- https://github.com/sherlock-audit/2024-02-jala-swap/blob/main/jalaswap-dex-contract/contracts/JalaMasterRouter.sol#L312

## Tool used

Manual Review

## Recommendation:

Consider ordering multiplication before division.

```diff
-    uint256 tokenAReturnAmount = (amountA / tokenAOffset) * tokenAOffset;
-    uint256 tokenBReturnAmount = (amountB / tokenBOffset) * tokenBOffset;
+    uint256 tokenAReturnAmount = (amountA * tokenAOffset) / tokenAOffset;
+    uint256 tokenBReturnAmount = (amountB * tokenBOffset) / tokenBOffset;
.
.
.
-     uint256 tokenReturnAmount = (amountToken / tokenOffset) * tokenOffset;
+     uint256 tokenReturnAmount = (amountToken * tokenOffset) / tokenOffset;
.
.
.
-     uint256 tokenOutReturnAmount = (balanceOut / tokenOutOffset) * tokenOutOffset;
+     uint256 tokenOutReturnAmount = (balanceOut * tokenOutOffset) / tokenOutOffset;

sherlock-audit / 2024-02-jala-swap-judging

0x996 - Due to precision loss, it is impossible to correctly calculate `tokenAReturnAmount`, `tokenBReturnAmount`, `tokenReturnAmount`, and `tokenOutReturnAmount`. #184

Due to precision loss, it is impossible to correctly calculate `tokenAReturnAmount`, `tokenBReturnAmount`, `tokenReturnAmount`, and `tokenOutReturnAmount`.

Summary:

Vulnerability Detail

sherlock-audit / 2024-02-jala-swap-judging

0x996 - Due to precision loss, it is impossible to correctly calculate `tokenAReturnAmount`, `tokenBReturnAmount`, `tokenReturnAmount`, and `tokenOutReturnAmount`. #184

Due to precision loss, it is impossible to correctly calculate tokenAReturnAmount, tokenBReturnAmount, tokenReturnAmount, and tokenOutReturnAmount.

Summary:

Vulnerability Detail

Due to precision loss, it is impossible to correctly calculate `tokenAReturnAmount`, `tokenBReturnAmount`, `tokenReturnAmount`, and `tokenOutReturnAmount`.