if gamma is less, then the trade is executed at a better price for the user and vice versa. As a result, the computation of gamma should round-up to favor the protocol. Rounding-down the computation favors the user instead of the protocol.
This is particularly problematic for the Solana deployment because single operation in Solidity is divided into multiple operations in Solana, as a result, increasing the rounding error.
The computation of gamma is divided into two operations. The rounding error in the calculation of gamma_calc_a gets multiplied by the coeff in #L33 resulting in increased rounding error.
Root Cause
The swap_math::calc_quote_amount_sell_base function rounds down the value of gamma favouring the user instead of the protocol. The rounding error is significantly increased because of divison of the operation:
User gets more quote tokens then they should on every swap because of rounding-down on gamma. The loss from rounding-down adds up to a significant value for the protocol LPs.
PoC
No response
Mitigation
Update the calc_quote_amount_sell_base function to round-up the computation of gamma.
Uneven Gingham Locust
Medium
Gamma is rounded down, against the protocol, in calc_quote_amount_sell_base
Summary
The amount of quote tokens for a given amount of base tokens is calculated using the following formula:
The trade is executed at the price
if gamma is less, then the trade is executed at a better price for the user and vice versa. As a result, the computation of gamma should round-up to favor the protocol. Rounding-down the computation favors the user instead of the protocol.
This is particularly problematic for the Solana deployment because single operation in Solidity is divided into multiple operations in Solana, as a result, increasing the rounding error.
https://github.com/sherlock-audit/2024-08-woofi-solana-deployment/blob/main/WOOFi_Solana/programs/woofi/src/util/swap_math.rs#L29-L33
The computation of gamma is divided into two operations. The rounding error in the calculation of
gamma_calc_agets multiplied by thecoeffin #L33 resulting in increased rounding error.Root Cause
The
swap_math::calc_quote_amount_sell_basefunction rounds down the value ofgammafavouring the user instead of the protocol. The rounding error is significantly increased because of divison of the operation:https://github.com/sherlock-audit/2024-08-woofi-solana-deployment/blob/main/WOOFi_Solana/programs/woofi/src/util/swap_math.rs#L29-L33
The Solidity version computes the gamma in a single operation:
Internal pre-conditions
No response
External pre-conditions
No response
Attack Path
No response
Impact
User gets more quote tokens then they should on every swap because of rounding-down on
gamma. The loss from rounding-down adds up to a significant value for the protocol LPs.PoC
No response
Mitigation
Update the
calc_quote_amount_sell_basefunction to round-up the computation of gamma.