Skip to content
This repository has been archived by the owner on Dec 17, 2023. It is now read-only.

Cryptor - Precision loss in calculation of totalRebalanceNotional #28

Closed
sherlock-admin opened this issue Jun 14, 2023 · 0 comments
Closed

Cryptor - Precision loss in calculation of totalRebalanceNotional #28

sherlock-admin opened this issue Jun 14, 2023 · 0 comments
Labels
Non-Reward This issue will not receive a payout

Comments

@sherlock-admin
Copy link
Contributor

sherlock-admin commented Jun 14, 2023
edited by github-actions bot
Loading

Cryptor

high

Precision loss in calculation of totalRebalanceNotional

Summary

The function _calculateChunkRebalanceNotional may calculate the wrong value for totalRebalanceNotional, resulting in the wrong leverage ratio in _updateRebalanceState

Vulnerability Detail

The function _calculateChunkRebalanceNotional calculates the value for totalRebalanceNotional as follows

uint256 totalRebalanceNotional = leverageRatioDifference.preciseDiv(_leverageInfo.currentLeverageRatio).preciseMul(_leverageInfo.action.collateralBalance);

https://github.com/sherlock-audit/2023-05-Index/blob/main/index-coop-smart-contracts/contracts/adapters/AaveLeverageStrategyExtension.sol#L1068

This will result in a precision loss as division is performed before multiplication. This may affect the result of _updateRebalanceState
which calculates a different leverage ratio depending on the value of totalRebalanceNotional

if (_chunkRebalanceNotional < _totalRebalanceNotional) { twapLeverageRatio = _newLeverageRatio; }

https://github.com/sherlock-audit/2023-05-Index/blob/main/index-coop-smart-contracts/contracts/adapters/AaveLeverageStrategyExtension.sol#L1169-L1171

Impact

The function may return the incorrect leverage ratio, when calling critical functions (engage, disengage, ripcord)

Code Snippet

https://github.com/sherlock-audit/2023-05-Index/blob/main/index-coop-smart-contracts/contracts/adapters/AaveLeverageStrategyExtension.sol#L1068

https://github.com/sherlock-audit/2023-05-Index/blob/main/index-coop-smart-contracts/contracts/adapters/AaveLeverageStrategyExtension.sol#L1169-L1171

Tool used

Manual Review

Recommendation

Perform multiplication first and then do the division.

Duplicate of #299
@github-actions github-actions bot added Medium A valid Medium severity issue Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label labels Jun 19, 2023
@sherlock-admin sherlock-admin added Non-Reward This issue will not receive a payout and removed Medium A valid Medium severity issue Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label labels Jun 27, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
Non-Reward This issue will not receive a payout
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@sherlock-admin