sherlock-audit / 2024-02-perennial-v2-3-judging


4b - Vault Rounding Issue in `Vault.sol::_update` #15

Closed sherlock-admin3 closed 5 months ago

sherlock-admin3 commented 5 months ago

4b

medium

Vault Rounding Issue in Vault.sol::_update

Summary

According to the EIP4626 rounding specification, the claimAmount should be rounded up.

Vulnerability Detail

This protocol rounds down the claimAmount by default. According to the EIP4626 rounding specification, the claimAmount must be rounded up, but the _socialize function, which returns the claimAmount, doesn't take that constraint into consideration and just rounds it down by default.

Impact

This current implementation will round down the claimAmount expected instead of otherwise.

Code Snippet

claimAmount

    UFixed6 claimAmount = _socialize(context, claimAssets);

Vault.sol::_socialize

    function _socialize(Context memory context, UFixed6 claimAssets) private pure returns (UFixed6) {
        return context.global.assets.isZero() ?
            UFixed6Lib.ZERO :
            claimAssets.muldiv(
                UFixed6Lib.unsafeFrom(context.totalCollateral).min(context.global.assets),
                context.global.assets
            );
    }

Tool used

Manual Review

Recommendation

The implementation of _socialize should be checked to make sure claimAmount will have a rounded up value.

sherlock-admin3 commented 5 months ago

1 comment(s) were left on this issue during the judging contest.

panprog commented:

invalid, the vault claim amount has nothing to do with EIP4626

nevillehuang commented 4 months ago

Invalid as seen below. Additionally, the watson lacks proof of impact for what seems to be small rounding errors (check)

Is the code/contract expected to comply with any EIPs? Are there specific assumptions around adhering to those EIPs that Watsons should be aware of?

No
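
To put a number on the rounding discussed in this thread, here is an added example (not part of the issue, the comments, or the Perennial code base): a Python model of the `_socialize` snippet quoted in the issue, computed with round-down and with round-up. It assumes UFixed6 is an unsigned integer scaled by 1e6, that `muldiv` truncates, and that `unsafeFrom` clamps negative values to zero; the sample amounts are constructed and all claims are evaluated against one snapshot, which is a simplification.

```python
from typing import List, Tuple

SCALE = 10**6  # assumption: UFixed6 stores values as integers with 6 decimals


def muldiv_down(a: int, b: int, c: int) -> int:
    """a * b / c, truncated (the rounding the issue describes)."""
    return a * b // c


def muldiv_up(a: int, b: int, c: int) -> int:
    """a * b / c, rounded up (the rounding the issue asks for)."""
    return -(-(a * b) // c)


def socialize(total_collateral: int, global_assets: int, claim_assets: int,
              round_up: bool = False) -> int:
    """Model of Vault.sol::_socialize on raw 6-decimal integers."""
    if global_assets == 0:
        return 0
    # Assumption: unsafeFrom() maps a negative collateral to zero.
    backing = min(max(total_collateral, 0), global_assets)
    op = muldiv_up if round_up else muldiv_down
    return op(claim_assets, backing, global_assets)


def compare(total_collateral: int, global_assets: int,
            claims: List[int]) -> Tuple[int, int, int]:
    """Return (sum of round-down claims, sum of round-up claims, backing)."""
    down = sum(socialize(total_collateral, global_assets, c) for c in claims)
    up = sum(socialize(total_collateral, global_assets, c, True) for c in claims)
    backing = min(max(total_collateral, 0), global_assets)
    return down, up, backing


if __name__ == "__main__":
    # Constructed sample: 3.0 claimable in total, only 2.0 of collateral behind it.
    claims = [1 * SCALE, 1 * SCALE, 1 * SCALE]
    down, up, backing = compare(2 * SCALE, 3 * SCALE, claims)
    print(f"round down: {down}  round up: {up}  backing: {backing}")
```

In this sample each claim differs by one base unit (0.000001) between the two modes; rounding down leaves two base units unclaimed, while rounding up makes the three claims total one base unit more than the backing collateral.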