This repository has been archived by the owner on Nov 26, 2023. It is now read-only.
kiki_dev - getOwnValuation() will underflow when price is greater than 1e12 #122
Comments
github-actions
bot
added
High
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
kiki_dev
high
getOwnValuation() will underflow when price is greater than 1e12
Summary
If the token is not USSD and the price returned from
price = uint(sqrtPriceX96)*(uint(sqrtPriceX96))*(1e18 /* 1e12 + 1e6 decimal representation */) >> (96 * 2);is greater than 1e12 the returned value for
getOwnValuation()will be zero even though the price was not actually 0. this will lead to incorrect calculation in rebalance resulting in the protocol callingBuyUSSDSellCollateral()when it shouldnt.Vulnerability Detail
Price is received here
price = uint(sqrtPriceX96)*(uint(sqrtPriceX96))*(1e18 /* 1e12 + 1e6 decimal representation */) >> (96 * 2);It is possible for this value to be greater than 1e12. And this will cause an price to be 0 due to the next line:
price = (1e24 / price) / 1e12;Here is an example. If you run this function you will see that the return value is 0.
Impact
Protocol will incorrectly return 0 when the price is not actually 0. Leading to
BuyUSSDSellCollateralbeing called when it shouldn't. this will ruin the balance of the stablecoin.Code Snippet
https://github.com/sherlock-audit/2023-05-USSD/blob/main/ussd-contracts/contracts/USSDRebalancer.sol#L78
Tool used
Manual Review
Recommendation
Use a different formula to "flip the fraction". that wont lead to an underflow. It is important that the numerator is greater than the denominator.
Duplicate of #222
The text was updated successfully, but these errors were encountered: