This repository has been archived by the owner on Dec 17, 2023. It is now read-only.
Cryptor - Precision loss in calculation of totalRebalanceNotional #28
Labels
Non-Reward
This issue will not receive a payout
Cryptor
high
Precision loss in calculation of totalRebalanceNotional
Summary
The function _calculateChunkRebalanceNotional may calculate the wrong value for totalRebalanceNotional, resulting in the wrong leverage ratio in _updateRebalanceState
Vulnerability Detail
The function _calculateChunkRebalanceNotional calculates the value for totalRebalanceNotional as follows
uint256 totalRebalanceNotional = leverageRatioDifference.preciseDiv(_leverageInfo.currentLeverageRatio).preciseMul(_leverageInfo.action.collateralBalance);
https://github.com/sherlock-audit/2023-05-Index/blob/main/index-coop-smart-contracts/contracts/adapters/AaveLeverageStrategyExtension.sol#L1068
This will result in a precision loss as division is performed before multiplication. This may affect the result of _updateRebalanceState
which calculates a different leverage ratio depending on the value of totalRebalanceNotional
if (_chunkRebalanceNotional < _totalRebalanceNotional) { twapLeverageRatio = _newLeverageRatio; }
https://github.com/sherlock-audit/2023-05-Index/blob/main/index-coop-smart-contracts/contracts/adapters/AaveLeverageStrategyExtension.sol#L1169-L1171
Impact
The function may return the incorrect leverage ratio, when calling critical functions (engage, disengage, ripcord)
Code Snippet
https://github.com/sherlock-audit/2023-05-Index/blob/main/index-coop-smart-contracts/contracts/adapters/AaveLeverageStrategyExtension.sol#L1068
https://github.com/sherlock-audit/2023-05-Index/blob/main/index-coop-smart-contracts/contracts/adapters/AaveLeverageStrategyExtension.sol#L1169-L1171
Tool used
Manual Review
Recommendation
Perform multiplication first and then do the division.
Duplicate of #299
The text was updated successfully, but these errors were encountered: