You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Nov 26, 2023. It is now read-only.
sherlock-admin opened this issue
May 23, 2023
· 0 comments
Labels
DuplicateA valid issue that is a duplicate of an issue with `Has Duplicates` labelHighA valid High severity issueRewardA payout will be made for this issue
is greater than 1e12 the returned value for getOwnValuation() will be zero even though the price was not actually 0. this will lead to incorrect calculation in rebalance resulting in the protocol calling BuyUSSDSellCollateral() when it shouldnt.
It is possible for this value to be greater than 1e12. And this will cause an price to be 0 due to the next line:
price = (1e24 / price) / 1e12;
Here is an example. If you run this function you will see that the return value is 0.
function flip(uint256 price /*this would go where 1e13 is*/) publicviewreturns (uint256) {
return (1e24/1e13) /1e12; // Returns 0
}
Impact
Protocol will incorrectly return 0 when the price is not actually 0. Leading to BuyUSSDSellCollateral being called when it shouldn't. this will ruin the balance of the stablecoin.
Sign up for freeto subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Labels
DuplicateA valid issue that is a duplicate of an issue with `Has Duplicates` labelHighA valid High severity issueRewardA payout will be made for this issue
kiki_dev
high
getOwnValuation() will underflow when price is greater than 1e12
Summary
If the token is not USSD and the price returned from
price = uint(sqrtPriceX96)*(uint(sqrtPriceX96))*(1e18 /* 1e12 + 1e6 decimal representation */) >> (96 * 2);
is greater than 1e12 the returned value for
getOwnValuation()
will be zero even though the price was not actually 0. this will lead to incorrect calculation in rebalance resulting in the protocol callingBuyUSSDSellCollateral()
when it shouldnt.Vulnerability Detail
Price is received here
price = uint(sqrtPriceX96)*(uint(sqrtPriceX96))*(1e18 /* 1e12 + 1e6 decimal representation */) >> (96 * 2);
It is possible for this value to be greater than 1e12. And this will cause an price to be 0 due to the next line:
price = (1e24 / price) / 1e12;
Here is an example. If you run this function you will see that the return value is 0.
Impact
Protocol will incorrectly return 0 when the price is not actually 0. Leading to
BuyUSSDSellCollateral
being called when it shouldn't. this will ruin the balance of the stablecoin.Code Snippet
https://github.com/sherlock-audit/2023-05-USSD/blob/main/ussd-contracts/contracts/USSDRebalancer.sol#L78
Tool used
Manual Review
Recommendation
Use a different formula to "flip the fraction". that wont lead to an underflow. It is important that the numerator is greater than the denominator.
Duplicate of #222
The text was updated successfully, but these errors were encountered: