This is the code link: here. The operation takes the maximum spread between two tokens and then divides it by 2.
However, this calculation is missing in the Solana codebase, which may result in discrepancies when calculating the quote_amount:
let calc_a: u128 = checked_mul_div(base_amount, state.price_out, decimals.price_dec as u128)?;
let calc_b: u128 = ONE_E18_U128
.checked_sub(gamma)
.unwrap()
.checked_sub(state.spread as u128)
.unwrap();
let calc_c = checked_mul_div(calc_a, calc_b, ONE_E18_U128)?;
let quote_amount = checked_mul_div(
calc_c,
decimals.quote_dec as u128,
decimals.base_dec as u128,
)?;
Impact
This omission may lead to incorrect quote_amount calculations.
Uneven Tin Mongoose
High
The calculation of
quote_amount
may result in discrepanciesSummary
Failure to account for the spread results in discrepancies in the
quote_amount
calculation.Vulnerability Detail
In the Swap base-to-base operation, the EVM code includes the following calculation:
This is the code link: here. The operation takes the maximum spread between two tokens and then divides it by 2.
However, this calculation is missing in the Solana codebase, which may result in discrepancies when calculating the
quote_amount
:Impact
This omission may lead to incorrect
quote_amount
calculations.Code Snippet
https://github.com/sherlock-audit/2024-08-woofi-solana-deployment/blob/main/WOOFi_Solana/programs/woofi/src/util/swap_math.rs#L53-L64 https://github.com/sherlock-audit/2024-08-woofi-solana-deployment/blob/main/WOOFi_Solana/programs/woofi/src/instructions/swap.rs#L96
Tool used
Manual Review
Recommendation
It is recommended to follow the EVM implementation: