search

sherlock-audit / 2024-03-axis-finance-judging

1 stars 0 forks source link

hash - User's will receive less than minAmountOut #249

Closed sherlock-admin3 closed 5 months ago

sherlock-admin3 commented 6 months ago

hash

medium

User's will receive less than minAmountOut

Summary

User's will receive less than minAmountOut

Vulnerability Detail

Due to rounding (up for prices), a use can receive less than specified minAmountOut.

        price = uint96(Math.mulDivUp(amountIn, baseScale_, qBid.minAmountOut));

Example

Bid amount = 250000000000000000 minAmountOut = 500000000000000001 actual recied amount = 500000000000000000

Impact

Contracts interacting will expect exact amount but get less which can impact their operations

Code Snippet

https://github.com/sherlock-audit/2024-03-axis-finance/blob/cadf331f12b485bac184111cdc9ba1344d9fbf01/moonraker/src/modules/auctions/EMPAM.sol#L586

Tool used

Manual Review

Recommendation

Acknoledge

nevillehuang commented 5 months ago

Low severity, extremely small amount of imprecision involved