search

sherlock-audit / 2024-02-jala-swap-judging

6 stars 4 forks source link

0xAadi - Precision Loss Due to Division Before Multiplication #242

Closed sherlock-admin closed 6 months ago

sherlock-admin commented 6 months ago

0xAadi

medium

Precision Loss Due to Division Before Multiplication

Summary

The JalaMasterRouter contract demonstrates a precision loss vulnerability due to the order of arithmetic operations in several functions. The contract's logic involves dividing a token's balance by its decimal offset and subsequently multiplying by the same offset. This can lead to truncation of any fractional remainder during the division, potentially resulting in users receiving less than the expected amount of unwrapped tokens.

Vulnerability Detail

Affected Functions

Please note that line numbers 129, 130, 175, and 312 all perform division before multiplication, which can lead to precision loss due to integer division truncation.

129:        uint256 tokenAReturnAmount = (amountA / tokenAOffset) * tokenAOffset;
130:        uint256 tokenBReturnAmount = (amountB / tokenBOffset) * tokenBOffset;
.
.
175:        uint256 tokenReturnAmount = (amountToken / tokenOffset) * tokenOffset;
.
.
312:        uint256 tokenOutReturnAmount = (balanceOut / tokenOutOffset) * tokenOutOffset;

https://github.com/sherlock-audit/2024-02-jala-swap/blob/030d3ed54214754301154bce0e58ea534100a7e3/jalaswap-dex-contract/contracts/JalaMasterRouter.sol#L129C8-L130C78 https://github.com/sherlock-audit/2024-02-jala-swap/blob/030d3ed54214754301154bce0e58ea534100a7e3/jalaswap-dex-contract/contracts/JalaMasterRouter.sol#L175C8-L175C79 https://github.com/sherlock-audit/2024-02-jala-swap/blob/030d3ed54214754301154bce0e58ea534100a7e3/jalaswap-dex-contract/contracts/JalaMasterRouter.sol#L312

Impact

Users may not receive the full amount of tokens they are entitled to when unwrapping, leading to a loss of funds.

Code Snippet

https://github.com/sherlock-audit/2024-02-jala-swap/blob/030d3ed54214754301154bce0e58ea534100a7e3/jalaswap-dex-contract/contracts/JalaMasterRouter.sol#L129C8-L130C78 https://github.com/sherlock-audit/2024-02-jala-swap/blob/030d3ed54214754301154bce0e58ea534100a7e3/jalaswap-dex-contract/contracts/JalaMasterRouter.sol#L175C8-L175C79 https://github.com/sherlock-audit/2024-02-jala-swap/blob/030d3ed54214754301154bce0e58ea534100a7e3/jalaswap-dex-contract/contracts/JalaMasterRouter.sol#L312

Tool used

Manual Review

Recommendation

Refactor the affected calculations to perform multiplication before division. This change will preserve the full precision of token amounts during unwrapping operations.

nevillehuang commented 6 months ago

Invalid, lack detailed numerical example/PoC and description of impact required by sherlock