Precision Loss and Incorrect Handling of Unwrappable Amounts in _unwrapAndTransfer function
Summary
Precision Loss Due to Integer Division and Incorrect Handling of Unwrappable Amounts in _unwrapAndTransfer function.
Vulnerability Detail
This line is designed to adjust the amount of wrapped tokens based on their decimal precision when unwrapping them. The intent is to convert the wrapped token amounts back to their original state, taking into account any discrepancies in decimal places between the wrapped tokens and their underlying assets.
Solidity performs integer division, which means any division operation discards the remainder if it does not divide evenly. This truncation can lead to a loss of precision in the calculation of tokenOutReturnAmount. For example, if balanceOut is not a multiple of tokenOutOffset, the division operation will truncate the decimal part, resulting in a smaller tokenOutReturnAmount than the actual balance that could be unwrapped accurately.
After calculating tokenOutReturnAmount, the function attempts to unwrap this amount and transfer any remaining balance as "dust" in wrapped token form to the recipient. However, due to the precision loss described, the "dust" may represent a more significant portion of the funds than expected, potentially leaving users with less unwrapped currency than they anticipate.
Impact
Users may receive fewer unwrapped tokens than expected, leading to confusion and potential financial loss.
The precision loss creates inefficiencies by leaving a balance of wrapped tokens in the contract, which could have been unwrapped or utilized more effectively.
cheatcode
medium
Precision Loss and Incorrect Handling of Unwrappable Amounts in _unwrapAndTransfer function
Summary
Precision Loss Due to Integer Division and Incorrect Handling of Unwrappable Amounts in _unwrapAndTransfer function.
Vulnerability Detail
This line is designed to adjust the amount of wrapped tokens based on their decimal precision when unwrapping them. The intent is to convert the wrapped token amounts back to their original state, taking into account any discrepancies in decimal places between the wrapped tokens and their underlying assets.
https://github.com/sherlock-audit/2024-02-jala-swap/blob/main/jalaswap-dex-contract/contracts/JalaMasterRouter.sol#L312
Solidity performs integer division, which means any division operation discards the remainder if it does not divide evenly. This truncation can lead to a loss of precision in the calculation of
tokenOutReturnAmount. For example, ifbalanceOutis not a multiple oftokenOutOffset, the division operation will truncate the decimal part, resulting in a smallertokenOutReturnAmountthan the actual balance that could be unwrapped accurately.After calculating
tokenOutReturnAmount, the function attempts to unwrap this amount and transfer any remaining balance as "dust" in wrapped token form to the recipient. However, due to the precision loss described, the "dust" may represent a more significant portion of the funds than expected, potentially leaving users with less unwrapped currency than they anticipate.Impact
Users may receive fewer unwrapped tokens than expected, leading to confusion and potential financial loss.
The precision loss creates inefficiencies by leaving a balance of wrapped tokens in the contract, which could have been unwrapped or utilized more effectively.
Code Snippet
https://github.com/sherlock-audit/2024-02-jala-swap/blob/main/jalaswap-dex-contract/contracts/JalaMasterRouter.sol#L312
Tool used
Manual Review
Recommendation
Round up or down to the nearest whole number based on the remainder.
Duplicate of #158