search

sherlock-audit / 2024-08-woofi-solana-deployment-judging

0 stars 0 forks source link

Uneven Tin Mongoose - The calculation of `quote_amount` may result in discrepancies #26

Open sherlock-admin4 opened 15 hours ago

sherlock-admin4 commented 15 hours ago

Uneven Tin Mongoose

High

The calculation of quote_amount may result in discrepancies

Summary

Failure to account for the spread results in discrepancies in the quote_amount calculation.

Vulnerability Detail

In the Swap base-to-base operation, the EVM code includes the following calculation:

uint64 spread = _maxUInt64(state1.spread, state2.spread) / 2;

This is the code link: here. The operation takes the maximum spread between two tokens and then divides it by 2.

However, this calculation is missing in the Solana codebase, which may result in discrepancies when calculating the quote_amount:

let calc_a: u128 = checked_mul_div(base_amount, state.price_out, decimals.price_dec as u128)?;
let calc_b: u128 = ONE_E18_U128
    .checked_sub(gamma)
    .unwrap()
    .checked_sub(state.spread as u128)
    .unwrap();
let calc_c = checked_mul_div(calc_a, calc_b, ONE_E18_U128)?;
let quote_amount = checked_mul_div(
    calc_c,
    decimals.quote_dec as u128,
    decimals.base_dec as u128,
)?;

Impact

This omission may lead to incorrect quote_amount calculations.

Code Snippet

https://github.com/sherlock-audit/2024-08-woofi-solana-deployment/blob/main/WOOFi_Solana/programs/woofi/src/util/swap_math.rs#L53-L64 https://github.com/sherlock-audit/2024-08-woofi-solana-deployment/blob/main/WOOFi_Solana/programs/woofi/src/instructions/swap.rs#L96

Tool used

Manual Review

Recommendation

It is recommended to follow the EVM implementation:

uint64 spread = _maxUInt64(state1.spread, state2.spread) / 2;
toprince commented 13 hours ago

it is by desing. same with https://github.com/sherlock-audit/2024-08-woofi-solana-deployment-judging/issues/12