Skip to content

Mult instead div in compares #23

Open
Open
Mult instead div in compares#23
Labels
1 (Low Risk)Assets are not at risk. State handling, function incorrect as to spec, issues with commentsbugSomething isn't workingsponsor acknowledgedTechnically the issue is correct, but we're not going to resolve it for XYZ reasons
@code423n4

Description

@code423n4
code423n4
opened on Jan 27, 2022

Handle

mics

Vulnerability details

To improve algorithm precision instead using division in comparison use multiplication in the following scenario:
Instead a < b / c use a * c < b.

In all of the big and trusted contracts this rule is maintained (for example look at AAVE codebase).

    OpenLevV1.sol, 125, require(borrow == 0 || deposit.mul(10000).div(tv.borrowValue) > vars.marginLimit, "MAM");
    OpenLevV1Lib.sol, 166, uint hAvg = marketValue >= borrowed ? marketValue.sub(borrowed).mul(ratioVars.multiplier).div(borrowed) : 0;
    OpenLevV1.sol, 219, require(repayed >= closeTradeVars.borrowed.mul(closeTradeVars.closeRatio).div(1e18), "IRP"); 
    OpenLevV1Lib.sol, 164, uint cAvg = marketValue >= borrowed ? marketValue.sub(borrowed).mul(ratioVars.multiplier).div(borrowed) : 0;
    OpenLevV1Lib.sol, 276, share = totalShare > 0 && reserve > 0 ? totalShare.mul(amount) / reserve : amount;
    OpenLevV1Lib.sol, 162, uint current = marketValue >= borrowed ? marketValue.sub(borrowed).mul(ratioVars.multiplier).div(borrowed) : 0;
    LPool.sol, 892, require(vars.actualRepayAmount.mul(1e18).div(vars.accountBorrows) <= 105e16, 'repay more than 5%');

Metadata

Metadata

Assignees

No one assigned

    Labels

    1 (Low Risk)Assets are not at risk. State handling, function incorrect as to spec, issues with commentsbugSomething isn't workingsponsor acknowledgedTechnically the issue is correct, but we're not going to resolve it for XYZ reasons

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions