Closed sherlock-admin3 closed 5 months ago
hash
medium
User's will receive less than minAmountOut
Due to rounding (up for prices), a use can receive less than specified minAmountOut.
price = uint96(Math.mulDivUp(amountIn, baseScale_, qBid.minAmountOut));
Bid amount = 250000000000000000 minAmountOut = 500000000000000001 actual recied amount = 500000000000000000
Contracts interacting will expect exact amount but get less which can impact their operations
https://github.com/sherlock-audit/2024-03-axis-finance/blob/cadf331f12b485bac184111cdc9ba1344d9fbf01/moonraker/src/modules/auctions/EMPAM.sol#L586
Manual Review
Acknoledge
Low severity, extremely small amount of imprecision involved
hash
medium
User's will receive less than minAmountOut
Summary
User's will receive less than minAmountOut
Vulnerability Detail
Due to rounding (up for prices), a use can receive less than specified minAmountOut.
Example
Bid amount = 250000000000000000 minAmountOut = 500000000000000001 actual recied amount = 500000000000000000
Impact
Contracts interacting will expect exact amount but get less which can impact their operations
Code Snippet
https://github.com/sherlock-audit/2024-03-axis-finance/blob/cadf331f12b485bac184111cdc9ba1344d9fbf01/moonraker/src/modules/auctions/EMPAM.sol#L586
Tool used
Manual Review
Recommendation
Acknoledge