This repository has been archived by the owner on Nov 26, 2023. It is now read-only.
Bauer - The getOwnValuation() function contains errors in the price calculation #222
Labels
Has Duplicates: A valid issue with 1+ other issues describing the same vulnerability
High: A valid High severity issue
Reward: A payout will be made for this issue
Bauer
high
The getOwnValuation() function contains errors in the price calculation
Summary
The getOwnValuation() function in the provided code has incorrect price calculation logic when token0() or token1() is equal to USSD. The error leads to inaccurate price calculations.
Vulnerability Detail
The USSDRebalancer.getOwnValuation() function calculates the price based on the sqrtPriceX96 value obtained from the uniPool.slot0() function. The calculation depends on whether token0() is equal to USSD or not. If token0() is equal to USSD, the price calculation is performed as follows:
However, there is an error in the price calculation logic. The calculation should be:
If token0() is not equal to USSD, the price calculation is slightly different:
The calculation should be:
Reference link:
https://blog.uniswap.org/uniswap-v3-math-primer
Impact
The incorrect price calculation in the getOwnValuation() function can have a significant impact on the valuation of assets in the Uniswap V3 pool. The inaccurate prices can result in incorrect asset valuations, which may affect trading decisions, liquidity provision, and overall financial calculations based on the Uniswap V3 pool.
Code Snippet
https://github.com/sherlock-audit/2023-05-USSD/blob/main/ussd-contracts/contracts/USSDRebalancer.sol#L74
https://github.com/sherlock-audit/2023-05-USSD/blob/main/ussd-contracts/contracts/USSDRebalancer.sol#L76
Tool used
Manual Review
Recommendation
When token0() is USSD, the correct calculation should be uint(sqrtPriceX96) * uint(sqrtPriceX96) * 1e6 >> (96 * 2).
When token1() is USSD, the correct calculation should be
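Added example (not part of the original report or the USSD code base): an off-chain test oracle in Python that derives a fixed-point price from sqrtPriceX96 for either token ordering, so that an on-chain formula such as the one in the Recommendation can be checked against it. The function names, the constructed pools and the 6/18 token decimals are assumptions made for illustration, and the overflow check models a plain uint256 bound.

```python
from math import isqrt

UINT256_MAX = (1 << 256) - 1

def encode_sqrt_price_x96(amount1_raw: int, amount0_raw: int) -> int:
    """floor(sqrt(amount1/amount0) * 2**96), amounts in raw (smallest) units."""
    return isqrt((amount1_raw << 192) // amount0_raw)

def recommended_token0_expr(sqrt_price_x96: int) -> int:
    """The Recommendation's token0 expression: sqrtPriceX96^2 * 1e6 >> 192.
    The result is raw token1 per raw token0, times 1e6; token decimals are
    not applied by this expression. Raises if the product exceeds uint256."""
    product = sqrt_price_x96 * sqrt_price_x96 * 10**6
    if product > UINT256_MAX:
        raise OverflowError("intermediate exceeds uint256")
    return product >> 192

def reference_price(sqrt_price_x96, dec0, dec1, base_is_token0, out_decimals=6):
    """Quote tokens per one whole base token, as fixed point with
    out_decimals digits. Uses unbounded integers, so it can act as an oracle."""
    ratio_num = sqrt_price_x96 * sqrt_price_x96   # token1/token0 = num / 2**192
    ratio_den = 1 << 192
    if base_is_token0:
        return (ratio_num * 10**(dec0 + out_decimals)) // (ratio_den * 10**dec1)
    # Base is token1: invert the ratio and swap the decimal adjustment.
    return (ratio_den * 10**(dec1 + out_decimals)) // (ratio_num * 10**dec0)

# Constructed pools: base token has 6 decimals, quote token has 18 (assumed).
PARITY_BASE0 = encode_sqrt_price_x96(10**18, 10**6)         # base is token0, 1.00
PARITY_BASE1 = encode_sqrt_price_x96(10**6, 10**18)         # base is token1, 1.00
DISCOUNT_BASE0 = encode_sqrt_price_x96(97 * 10**16, 10**6)  # base is token0, 0.97

if __name__ == "__main__":
    print(reference_price(PARITY_BASE0, 6, 18, True))
    print(reference_price(PARITY_BASE1, 18, 6, False))
    print(reference_price(DISCOUNT_BASE0, 6, 18, True))
    print(recommended_token0_expr(PARITY_BASE0))
```

Because sqrtPriceX96 is itself a floored square root, a fixed-point result can land one unit below the exact price, so comparisons against a peg should allow for that.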