The system uses precision up to 18 decimal places for the balance value, so the arithmetic precision of the balances and reserveVault values in the depositToReserveVault and withdrawalFromReserveVault functions must be the same. Otherwise, funds will be lost due to arithmetic errors.
danyilbalko
Medium
The withdrawFromReserveVault function must ensure arithmetic precision for the amount value
Summary
In the AccountFacetImpl.sol file,
the withdraw function modified the value in the balance by ensuring arithmetic precision for the amount value,
but the withdrawFromReserveVault function did not do so.
This could result in a loss of funds due to an arithmetic error in the system.
Root Cause
https://github.com/sherlock-audit/2024-09-symmio-v0-8-4-update-contest/blob/main/protocol-core/contracts/facets/Account/AccountFacetImpl.sol#L127
Internal pre-conditions
No response
External pre-conditions
No response
Attack Path
No response
Impact
No response
PoC
The system uses precision up to 18 decimal places for the balance value, so the arithmetic precision of the balances and reserveVault values in the depositToReserveVault and withdrawalFromReserveVault functions must be the same. Otherwise, funds will be lost due to arithmetic errors.
Mitigation