search

sherlock-audit / 2024-08-woofi-solana-deployment-judging

0 stars 0 forks source link

Scrawny Cobalt Goldfish - precision loss in calc_quote_amount_sell_base. #71

Open sherlock-admin4 opened 13 hours ago

sherlock-admin4 commented 13 hours ago

Scrawny Cobalt Goldfish

Medium

precision loss in calc_quote_amount_sell_base.

Summary

we are doing division before multiplication ,that can cause a precision loss .

Vulnerability Detail

Here we are doing division before multiplication. pub fn calc_quote_amount_sell_base( baseamount: u128, woopool: &Account<', WooPool>, decimals: &Decimals, state: &GetStateResult, ) -> Result<(u128, u128)> { require!(state.feasible_out, ErrorCode::WooOracleNotFeasible);

require!(state.price_out > 0, ErrorCode::WooOraclePriceNotValid);

@>> //let notionalSwap : u128 = (base_amount state.price_out decimals.quote_dec) / decimals.base_dec / decimals.price_dec; @>> let notion_calc_a: u128 = checked_mul_div(base_amount, state.price_out, decimals.price_dec as u128)?; @>> let notional_swap: u128 = checked_mul_div( notion_calc_a, decimals.quote_dec as u128, decimals.base_dec as u128, )?;

Impact

there is a precision loss in calc_quote_amount_sell_base.

Code Snippet

https://github.com/sherlock-audit/2024-08-woofi-solana-deployment/blob/main/WOOFi_Solana/programs/woofi/src/util/swap_math.rs#L16

Tool used

Manual Review

Recommendation

do not do division before multiplication.